]>
Commit | Line | Data |
---|---|---|
1a2c5dde V |
1 | ## Foreword |
2 | ||
3 | This guide assumes that: | |
4 | ||
5 | - Shaarli runs in a Docker container | |
6 | - The host's `10080` port is mapped to the container's `80` port | |
7 | - Shaarli's Fully Qualified Domain Name (FQDN) is `shaarli.domain.tld` | |
8 | - HTTP traffic is redirected to HTTPS | |
9 | ||
10 | ## Apache | |
11 | ||
12 | - [Apache 2.4 documentation](https://httpd.apache.org/docs/2.4/) | |
13 | - [mod_proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) | |
14 | - [Reverse Proxy Request Headers](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#x-headers) | |
15 | ||
16 | The following HTTP headers are set by using the `ProxyPass` directive: | |
17 | ||
18 | - `X-Forwarded-For` | |
19 | - `X-Forwarded-Host` | |
20 | - `X-Forwarded-Server` | |
21 | ||
22 | ```apache | |
23 | <VirtualHost *:80> | |
24 | ServerName shaarli.domain.tld | |
25 | Redirect permanent / https://shaarli.domain.tld | |
26 | </VirtualHost> | |
27 | ||
28 | <VirtualHost *:443> | |
29 | ServerName shaarli.domain.tld | |
30 | ||
31 | SSLEngine on | |
32 | SSLCertificateFile /path/to/cert | |
33 | SSLCertificateKeyFile /path/to/certkey | |
34 | ||
35 | LogLevel warn | |
36 | ErrorLog /var/log/apache2/shaarli-error.log | |
37 | CustomLog /var/log/apache2/shaarli-access.log combined | |
38 | ||
39 | RequestHeader set X-Forwarded-Proto "https" | |
40 | ||
41 | ProxyPass / http://127.0.0.1:10080/ | |
42 | ProxyPassReverse / http://127.0.0.1:10080/ | |
43 | </VirtualHost> | |
44 | ``` | |
53ed6d7d | 45 | |
53ed6d7d | 46 | |
47 | ## HAProxy | |
48 | ||
1a2c5dde V |
49 | - [HAProxy documentation](https://cbonte.github.io/haproxy-dconv/) |
50 | ||
51 | ```conf | |
52 | global | |
53 | [...] | |
54 | ||
55 | defaults | |
56 | [...] | |
57 | ||
58 | frontend http-in | |
59 | bind :80 | |
60 | redirect scheme https code 301 if !{ ssl_fc } | |
61 | ||
62 | bind :443 ssl crt /path/to/cert.pem | |
63 | ||
64 | default_backend shaarli | |
65 | ||
66 | ||
67 | backend shaarli | |
68 | mode http | |
69 | option http-server-close | |
70 | option forwardfor | |
71 | reqadd X-Forwarded-Proto: https | |
72 | ||
73 | server shaarli1 127.0.0.1:10080 | |
74 | ``` | |
75 | ||
76 | ||
53ed6d7d | 77 | ## Nginx |
1a2c5dde V |
78 | |
79 | - [Nginx documentation](https://nginx.org/en/docs/) | |
80 | ||
81 | ```nginx | |
82 | http { | |
83 | [...] | |
84 | ||
85 | index index.html index.php; | |
86 | ||
87 | root /home/john/web; | |
88 | access_log /var/log/nginx/access.log; | |
89 | error_log /var/log/nginx/error.log; | |
90 | ||
91 | server { | |
92 | listen 80; | |
93 | server_name shaarli.domain.tld; | |
94 | return 301 https://shaarli.domain.tld$request_uri; | |
95 | } | |
96 | ||
97 | server { | |
98 | listen 443 ssl http2; | |
99 | server_name shaarli.domain.tld; | |
100 | ||
101 | ssl_certificate /path/to/cert | |
102 | ssl_certificate_key /path/to/certkey | |
103 | ||
104 | location / { | |
105 | proxy_set_header X-Real-IP $remote_addr; | |
106 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
107 | proxy_set_header X-Forwarded-Proto $scheme; | |
108 | proxy_set_header X-Forwarded-Host $host; | |
109 | ||
110 | proxy_pass http://localhost:10080/; | |
111 | proxy_set_header Host $host; | |
112 | proxy_connect_timeout 30s; | |
113 | proxy_read_timeout 120s; | |
114 | ||
115 | access_log /var/log/nginx/shaarli.access.log; | |
116 | error_log /var/log/nginx/shaarli.error.log; | |
117 | } | |
118 | } | |
119 | } | |
120 | ``` |