diff options
author | nodiscc <nodiscc@gmail.com> | 2020-08-15 20:03:43 +0200 |
---|---|---|
committer | nodiscc <nodiscc@gmail.com> | 2020-09-12 14:31:45 +0200 |
commit | 02117f7ea35d719351a99cd4f1c339b2ad4ef266 (patch) | |
tree | f52bdc6a6ba1a39bae3cc82bfe51a754d519b7f0 | |
parent | e21df1e7296cc7ed33e28989b86edebe7bc85b54 (diff) | |
download | Shaarli-02117f7ea35d719351a99cd4f1c339b2ad4ef266.tar.gz Shaarli-02117f7ea35d719351a99cd4f1c339b2ad4ef266.tar.zst Shaarli-02117f7ea35d719351a99cd4f1c339b2ad4ef266.zip |
doc: reverse proxy: update HTTP->HTTPS redirect configuration, remove logging options
-rw-r--r-- | doc/md/Reverse-proxy.md | 17 | ||||
-rw-r--r-- | doc/md/Server-configuration.md | 3 |
2 files changed, 12 insertions, 8 deletions
diff --git a/doc/md/Reverse-proxy.md b/doc/md/Reverse-proxy.md index 2c1c601e..77e4a04d 100644 --- a/doc/md/Reverse-proxy.md +++ b/doc/md/Reverse-proxy.md | |||
@@ -17,8 +17,17 @@ See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%9 | |||
17 | ```apache | 17 | ```apache |
18 | <VirtualHost *:80> | 18 | <VirtualHost *:80> |
19 | ServerName shaarli.mydomain.org | 19 | ServerName shaarli.mydomain.org |
20 | # Redirect HTTP to HTTPS | 20 | DocumentRoot /var/www/shaarli.mydomain.org/ |
21 | Redirect permanent / https://shaarli.mydomain.org | 21 | |
22 | # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests | ||
23 | RewriteEngine on | ||
24 | RewriteRule ^.well-known/acme-challenge/ - [L] | ||
25 | RewriteCond %{HTTP_HOST} =shaarli.mydomain.org | ||
26 | RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] | ||
27 | # If you are using mod_md, use this instead | ||
28 | #MDCertificateAgreement accepted | ||
29 | #MDContactEmail admin@shaarli.mydomain.org | ||
30 | #MDPrivateKeys RSA 4096 | ||
22 | </VirtualHost> | 31 | </VirtualHost> |
23 | 32 | ||
24 | <VirtualHost *:443> | 33 | <VirtualHost *:443> |
@@ -28,10 +37,6 @@ See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%9 | |||
28 | SSLCertificateFile /path/to/certificate | 37 | SSLCertificateFile /path/to/certificate |
29 | SSLCertificateKeyFile /path/to/private/key | 38 | SSLCertificateKeyFile /path/to/private/key |
30 | 39 | ||
31 | LogLevel warn | ||
32 | ErrorLog /var/log/apache2/error.log | ||
33 | CustomLog /var/log/apache2/access.log combined | ||
34 | |||
35 | # let the proxied shaarli server/container know HTTPS URLs should be served | 40 | # let the proxied shaarli server/container know HTTPS URLs should be served |
36 | RequestHeader set X-Forwarded-Proto "https" | 41 | RequestHeader set X-Forwarded-Proto "https" |
37 | 42 | ||
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index c63e296e..c1cf4310 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md | |||
@@ -1,7 +1,5 @@ | |||
1 | # Server configuration | 1 | # Server configuration |
2 | 2 | ||
3 | |||
4 | |||
5 | ## Requirements | 3 | ## Requirements |
6 | 4 | ||
7 | ### Operating system and web server | 5 | ### Operating system and web server |
@@ -24,6 +22,7 @@ Setup a **firewall** (using `iptables`, [ufw](https://www.digitalocean.com/commu | |||
24 | 22 | ||
25 | Shaarli makes outbound HTTP/HTTPS connections to websites you bookmark to fetch page information (title, thumbnails), the server must then have access to the Internet as well, and a working DNS resolver. | 23 | Shaarli makes outbound HTTP/HTTPS connections to websites you bookmark to fetch page information (title, thumbnails), the server must then have access to the Internet as well, and a working DNS resolver. |
26 | 24 | ||
25 | -------------------------------------------------------------------------------- | ||
27 | 26 | ||
28 | ### PHP | 27 | ### PHP |
29 | 28 | ||