Commit | Line | Data |
---|---|---|
1a2c5dde V |
1 | ## Foreword |
2 | ||
3 | This guide assumes that: | |
4 | ||
5 | - Shaarli runs in a Docker container | |
6 | - The host's `10080` port is mapped to the container's `80` port | |
7 | - Shaarli's Fully Qualified Domain Name (FQDN) is `shaarli.domain.tld` | |
8 | - HTTP traffic is redirected to HTTPS | |
9 | ||
10 | ## Apache | |
11 | ||
12 | - [Apache 2.4 documentation](https://httpd.apache.org/docs/2.4/) | |
13 | - [mod_proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) | |
14 | - [Reverse Proxy Request Headers](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#x-headers) | |
15 | ||
5045585f | 16 | The following HTTP headers are set when the `ProxyPass` directive is set: |
1a2c5dde V |
17 | |
18 | - `X-Forwarded-For` | |
19 | - `X-Forwarded-Host` | |
20 | - `X-Forwarded-Server` | |
21 | ||
5045585f | 22 | The original `SERVER_NAME` can be sent to the proxied host by setting the [`ProxyPreserveHost`](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#ProxyPreserveHost) directive to `On`. |
e7f4a03d | 23 | |
1a2c5dde V |
24 | ```apache |
25 | <VirtualHost *:80> | |
26 | ServerName shaarli.domain.tld | |
27 | Redirect permanent / https://shaarli.domain.tld/ | |
28 | </VirtualHost> | |
29 | ||
30 | <VirtualHost *:443> | |
31 | ServerName shaarli.domain.tld | |
32 | ||
33 | SSLEngine on | |
34 | SSLCertificateFile /path/to/cert | |
35 | SSLCertificateKeyFile /path/to/certkey | |
36 | ||
37 | LogLevel warn | |
38 | ErrorLog /var/log/apache2/shaarli-error.log | |
39 | CustomLog /var/log/apache2/shaarli-access.log combined | |
40 | ||
41 | RequestHeader set X-Forwarded-Proto "https" | |
e7f4a03d A |
42 | ProxyPreserveHost On |
43 | ||
1a2c5dde V |
44 | ProxyPass / http://127.0.0.1:10080/ |
45 | ProxyPassReverse / http://127.0.0.1:10080/ | |
46 | </VirtualHost> | |
47 | ``` | |
53ed6d7d | 48 | |
53ed6d7d | 49 | |
50 | ## HAProxy | |
51 | ||
1a2c5dde V |
52 | - [HAProxy documentation](https://cbonte.github.io/haproxy-dconv/) |
53 | ||
54 | ```conf | |
55 | global | |
56 | [...] | |
57 | ||
58 | defaults | |
59 | [...] | |
60 | ||
61 | frontend http-in | |
62 | bind :80 | |
63 | redirect scheme https code 301 if !{ ssl_fc } | |
64 | ||
65 | bind :443 ssl crt /path/to/cert.pem | |
66 | ||
67 | default_backend shaarli | |
68 | ||
69 | ||
70 | backend shaarli | |
71 | mode http | |
72 | option http-server-close | |
73 | option forwardfor | |
74 | http-request set-header X-Forwarded-Proto https | |
75 | ||
76 | server shaarli1 127.0.0.1:10080 | |
77 | ``` | |
78 | ||
79 | ||
53ed6d7d | 80 | ## Nginx |
1a2c5dde V |
81 | |
82 | - [Nginx documentation](https://nginx.org/en/docs/) | |
83 | ||
84 | ```nginx | |
85 | http { | |
86 | [...] | |
87 | ||
88 | index index.html index.php; | |
89 | ||
90 | root /home/john/web; | |
91 | access_log /var/log/nginx/access.log; | |
92 | error_log /var/log/nginx/error.log; | |
93 | ||
94 | server { | |
95 | listen 80; | |
96 | server_name shaarli.domain.tld; | |
97 | return 301 https://shaarli.domain.tld$request_uri; | |
98 | } | |
99 | ||
100 | server { | |
101 | listen 443 ssl http2; | |
102 | server_name shaarli.domain.tld; | |
103 | ||
104 | ssl_certificate /path/to/cert; | |
105 | ssl_certificate_key /path/to/certkey; | |
106 | ||
107 | location / { | |
108 | proxy_set_header X-Real-IP $remote_addr; | |
109 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
110 | proxy_set_header X-Forwarded-Proto $scheme; | |
111 | proxy_set_header X-Forwarded-Host $host; | |
112 | ||
113 | proxy_pass http://localhost:10080/; | |
114 | proxy_set_header Host $host; | |
115 | proxy_connect_timeout 30s; | |
116 | proxy_read_timeout 120s; | |
117 | ||
118 | access_log /var/log/nginx/shaarli.access.log; | |
119 | error_log /var/log/nginx/shaarli.error.log; | |
120 | } | |
121 | } | |
122 | } | |
123 | ``` |
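
The Nginx block above forwards `$proxy_add_x_forwarded_for`, which appends the connecting address to whatever `X-Forwarded-For` value the client already sent, so only the entries written by your own proxy can be trusted. The Python sketch below is an added example, not part of the Shaarli documentation or code; it shows how a backend can pick the client address by walking the header from the right. The `TRUSTED_PROXIES` ranges and all sample addresses are assumptions.

```python
import ipaddress

# Assumption: only the reverse proxy may vouch for X-Forwarded-For. Loopback
# matches the 127.0.0.1 upstream used on this page; 172.17.0.0/16 is an assumed
# Docker bridge range. Adjust both to your own network.
TRUSTED_PROXIES = [
    ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "172.17.0.0/16")
]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, x_forwarded_for):
    """Return the address a request should be attributed to.

    peer: source address of the TCP connection as seen by the application.
    x_forwarded_for: raw header value, or None when the header is absent.
    """
    peer_addr = ipaddress.ip_address(peer)
    # A connection that did not come through the proxy gets no say.
    if not _is_trusted(peer_addr) or not x_forwarded_for:
        return str(peer_addr)
    # Proxies append on the right: walk right to left and stop at the first
    # hop that is not ours. Everything further left is client-supplied.
    for raw in reversed(x_forwarded_for.split(",")):
        try:
            hop = ipaddress.ip_address(raw.strip())
        except ValueError:
            # Unparseable entry: do not guess, fall back to the TCP peer.
            return str(peer_addr)
        if not _is_trusted(hop):
            return str(hop)
    return str(peer_addr)  # every listed hop was one of our proxies


if __name__ == "__main__":
    # Constructed sample: the client sent a forged "198.51.100.9" and the
    # proxy appended the real connecting address 203.0.113.7.
    print(client_ip("127.0.0.1", "198.51.100.9, 203.0.113.7"))
```

Taking the leftmost entry instead would let any client choose the address that ends up in logs or IP-based ban lists.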