]> git.immae.eu Git - github/shaarli/Shaarli.git/blob - doc/md/Reverse-proxy.md
projects / github / shaarli / Shaarli.git / blob
? search:


77e4a04d7e12f11da847d0419b65e601ab57a5a5
[github/shaarli/Shaarli.git] / doc / md / Reverse-proxy.md
1 # Reverse proxy
2
3 If Shaarli is hosted on a server behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) (i.e. there is a proxy server between clients and the web server hosting Shaarli), configure it accordingly. See [Reverse proxy](Reverse-proxy.md) configuration. In this example:
4
5 - The Shaarli application server exposes port `10080` to the proxy (for example docker container started with `--publish 127.0.0.1:10080:80`).
6 - The Shaarli application server runs at `127.0.0.1` (container). Replace with the server's IP address if running on a different machine.
7 - Shaarli's Fully Qualified Domain Name (FQDN) is `shaarli.mydomain.org`.
8 - No HTTPS is setup on the application server, SSL termination is done at the reverse proxy.
9
10 In your [Shaarli configuration](Shaarli-configuration) `data/config.json.php`, add the public IP of your proxy under `security.trusted_proxies`.
11
12 See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%93&q=label%3Aproxy+) issues.
13
14
15 ## Apache
16
17 ```apache
18 <VirtualHost *:80>
19 ServerName shaarli.mydomain.org
20 DocumentRoot /var/www/shaarli.mydomain.org/
21
22 # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests
23 RewriteEngine on
24 RewriteRule ^.well-known/acme-challenge/ - [L]
25 RewriteCond %{HTTP_HOST} =shaarli.mydomain.org
26 RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent]
27 # If you are using mod_md, use this instead
28 #MDCertificateAgreement accepted
29 #MDContactEmail admin@shaarli.mydomain.org
30 #MDPrivateKeys RSA 4096
31 </VirtualHost>
32
33 <VirtualHost *:443>
34 ServerName shaarli.mydomain.org
35
36 SSLEngine on
37 SSLCertificateFile /path/to/certificate
38 SSLCertificateKeyFile /path/to/private/key
39
40 # let the proxied shaarli server/container know HTTPS URLs should be served
41 RequestHeader set X-Forwarded-Proto "https"
42
43 # send the original SERVER_NAME to the proxied host
44 ProxyPreserveHost On
45
46 # pass requests to the proxied host
47 # sets X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers
48 ProxyPass / http://127.0.0.1:10080/
49 ProxyPassReverse / http://127.0.0.1:10080/
50 </VirtualHost>
51 ```
52
53
54 ## HAProxy
55
56
57 ```conf
58 global
59 [...]
60
61 defaults
62 [...]
63
64 frontend http-in
65 bind :80
66 redirect scheme https code 301 if !{ ssl_fc }
67 bind :443 ssl crt /path/to/cert.pem
68 default_backend shaarli
69
70 backend shaarli
71 mode http
72 option http-server-close
73 option forwardfor
74 reqadd X-Forwarded-Proto: https
75 server shaarli1 127.0.0.1:10080
76 ```
77
78
79 ## Nginx
80
81
82 ```nginx
83 http {
84 [...]
85
86 index index.html index.php;
87
88 root /home/john/web;
89 access_log /var/log/nginx/access.log combined;
90 error_log /var/log/nginx/error.log;
91
92 server {
93 listen 80;
94 server_name shaarli.mydomain.org;
95 # redirect HTTP to HTTPS
96 return 301 https://shaarli.mydomain.org$request_uri;
97 }
98
99 server {
100 listen 443 ssl http2;
101 server_name shaarli.mydomain.org;
102
103 ssl_certificate /path/to/certificate
104 ssl_certificate_key /path/to/private/key
105
106 location / {
107 proxy_set_header X-Real-IP $remote_addr;
108 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
109 proxy_set_header X-Forwarded-Proto $scheme;
110 proxy_set_header X-Forwarded-Host $host;
111
112 # pass requests to the proxied host
113 proxy_pass http://localhost:10080/;
114 proxy_set_header Host $host;
115 proxy_connect_timeout 30s;
116 proxy_read_timeout 120s;
117 }
118 }
119 }
120 ```
121
The personal, minimalist, super-fast, database free, bookmarking service - community repo