doc/md/docker/reverse-proxy-configuration.md

   1 ## Foreword
   2
   3 This guide assumes that:
   4
   5 - Shaarli runs in a Docker container
   6 - The host's `10080` port is mapped to the container's `80` port
   7 - Shaarli's Fully Qualified Domain Name (FQDN) is `shaarli.domain.tld`
   8 - HTTP traffic is redirected to HTTPS
   9
  10 ## Apache
  11
  12 - [Apache 2.4 documentation](https://httpd.apache.org/docs/2.4/)
  13     - [mod_proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html)
  14     - [Reverse Proxy Request Headers](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#x-headers)
  15
  16 The following HTTP headers are set by using the `ProxyPass` directive:
  17
  18 - `X-Forwarded-For`
  19 - `X-Forwarded-Host`
  20 - `X-Forwarded-Server`
  21
  22 ```apache
  23 <VirtualHost *:80>
  24     ServerName shaarli.domain.tld
  25     Redirect permanent / https://shaarli.domain.tld
  26 </VirtualHost>
  27
  28 <VirtualHost *:443>
  29     ServerName shaarli.domain.tld
  30
  31     SSLEngine on
  32     SSLCertificateFile    /path/to/cert
  33     SSLCertificateKeyFile /path/to/certkey
  34
  35     LogLevel warn
  36     ErrorLog  /var/log/apache2/shaarli-error.log
  37     CustomLog /var/log/apache2/shaarli-access.log combined
  38
  39     RequestHeader set X-Forwarded-Proto "https"
  40
  41     ProxyPass        / http://127.0.0.1:10080/
  42     ProxyPassReverse / http://127.0.0.1:10080/
  43 </VirtualHost>
  44 ```
  45
  46
  47 ## HAProxy
  48
  49 - [HAProxy documentation](https://cbonte.github.io/haproxy-dconv/)
  50
  51 ```conf
  52 global
  53     [...]
  54
  55 defaults
  56     [...]
  57
  58 frontend http-in
  59     bind :80
  60         redirect scheme https code 301 if !{ ssl_fc }
  61
  62         bind :443 ssl crt /path/to/cert.pem
  63
  64         default_backend shaarli
  65
  66
  67 backend shaarli
  68     mode http
  69     option http-server-close
  70     option forwardfor
  71     reqadd X-Forwarded-Proto: https
  72
  73     server shaarli1 127.0.0.1:10080
  74 ```
  75
  76
  77 ## Nginx
  78
  79 - [Nginx documentation](https://nginx.org/en/docs/)
  80
  81 ```nginx
  82 http {
  83     [...]
  84
  85     index index.html index.php;
  86
  87     root        /home/john/web;
  88     access_log  /var/log/nginx/access.log;
  89     error_log   /var/log/nginx/error.log;
  90
  91         server {
  92                 listen       80;
  93                 server_name  shaarli.domain.tld;
  94                 return       301 https://shaarli.domain.tld$request_uri;
  95         }
  96
  97         server {
  98                 listen       443 ssl http2;
  99                 server_name  shaarli.domain.tld;
 100
 101         ssl_certificate       /path/to/cert
 102         ssl_certificate_key   /path/to/certkey
 103
 104                 location / {
 105                         proxy_set_header  X-Real-IP         $remote_addr;
 106                         proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
 107                         proxy_set_header  X-Forwarded-Proto $scheme;
 108                         proxy_set_header  X-Forwarded-Host  $host;
 109
 110                         proxy_pass             http://localhost:10080/;
 111                         proxy_set_header Host  $host;
 112                         proxy_connect_timeout  30s;
 113                         proxy_read_timeout     120s;
 114
 115                         access_log      /var/log/nginx/shaarli.access.log;
 116                         error_log       /var/log/nginx/shaarli.error.log;
 117                 }
 118         }
 119 }
 120 ```