Home Explore Help
Sign In
kotnik
/
shaarli
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d9bf5b31ff
Branches Tags
shaarli
/
doc
/
md
/
docker
/
reverse-proxy-configuration.md

reverse-proxy-configuration.md 2.8 KB
History Raw

Foreword

This guide assumes that:

  • Shaarli runs in a Docker container
  • The host's 10080 port is mapped to the container's 80 port
  • Shaarli's Fully Qualified Domain Name (FQDN) is shaarli.domain.tld
  • HTTP traffic is redirected to HTTPS

Apache

The following HTTP headers are set when the ProxyPass directive is set:

  • X-Forwarded-For
  • X-Forwarded-Host
  • X-Forwarded-Server

The original SERVER_NAME can be sent to the proxied host by setting the ProxyPreserveHost directive to On.

<VirtualHost *:80>
    ServerName shaarli.domain.tld
    Redirect permanent / https://shaarli.domain.tld
</VirtualHost>

<VirtualHost *:443>
    ServerName shaarli.domain.tld

    SSLEngine on
    SSLCertificateFile    /path/to/cert
    SSLCertificateKeyFile /path/to/certkey

    LogLevel warn
    ErrorLog  /var/log/apache2/shaarli-error.log
    CustomLog /var/log/apache2/shaarli-access.log combined

    RequestHeader set X-Forwarded-Proto "https"
    ProxyPreserveHost On
    
    ProxyPass        / http://127.0.0.1:10080/
    ProxyPassReverse / http://127.0.0.1:10080/
</VirtualHost>

HAProxy

  • HAProxy documentation

    global
[...]

defaults
[...]

frontend http-in
bind :80
	redirect scheme https code 301 if !{ ssl_fc }

	bind :443 ssl crt /path/to/cert.pem

	default_backend shaarli


backend shaarli
mode http
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto: https

server shaarli1 127.0.0.1:10080

Nginx

  • Nginx documentation

    http {
[...]

index index.html index.php;

root        /home/john/web;
access_log  /var/log/nginx/access.log;
error_log   /var/log/nginx/error.log;

	server {
		listen       80;
		server_name  shaarli.domain.tld;
		return       301 https://shaarli.domain.tld$request_uri;
	}

	server {
		listen       443 ssl http2;
		server_name  shaarli.domain.tld;

    ssl_certificate       /path/to/cert
    ssl_certificate_key   /path/to/certkey

		location / {
			proxy_set_header  X-Real-IP         $remote_addr;
			proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
			proxy_set_header  X-Forwarded-Proto $scheme;
			proxy_set_header  X-Forwarded-Host  $host;

			proxy_pass             http://localhost:10080/;
			proxy_set_header Host  $host;
			proxy_connect_timeout  30s;
			proxy_read_timeout     120s;

			access_log      /var/log/nginx/shaarli.access.log;
			error_log       /var/log/nginx/shaarli.error.log;
		}
	}
}