Document reverse proxy config for Apache

As we found out in #616, Apache does not set the `X-Forwarded-Proto` header, which is now required because we switched to secure cookies in 383d791a50919bb9890a3f3f797ecc95125ab8bf. Signed-off-by: David Mehren <git@herrmehren.de>
author: David Mehren 2020-12-13 19:07:26 +0100
committer: David Mehren 2020-12-13 19:09:34 +0100
commit: 2f5ca846059c0e572c6a84d80f60ff03e2f42fe6 (patch)
tree: ac83cae4a2a813646f9a947cb1bc26139f7a39a8 /docs
parent: 70ff301e15b59dd786f3aa5bc9da46c7dc50b00d (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/docs/setup/reverse-proxy.md b/docs/setup/reverse-proxy.md
index 8262100a..f6352ac0 100644
--- a/docs/setup/reverse-proxy.md
+++ b/docs/setup/reverse-proxy.md
@@ -67,3 +67,29 @@ server {
     ssl_dhparam ssl-dhparams.pem;
 }
 ```
+### Apache
+You will need these modules enabled: `proxy`, `proxy_http` and `proxy_wstunnel`.  
+Here is an example config snippet:
+```
+<VirtualHost *:443>
+  ServerName hedgedoc.example.com
+
+  RewriteEngine on
+  RewriteCond %{REQUEST_URI} ^/socket.io             [NC]
+  RewriteCond %{HTTP:Upgrade} =websocket [NC]
+  RewriteRule /(.*)  ws://127.0.0.1:3000/$1          [P,L]
+
+  ProxyPass / http://127.0.0.1:3000/
+  ProxyPassReverse / http://127.0.0.1:3000/
+
+  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+        
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+  SSLCertificateFile /etc/letsencrypt/live/hedgedoc.example.com/fullchain.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/hedgedoc.example.com/privkey.pem
+  Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+```
+
author	David Mehren	2020-12-13 19:07:26 +0100
committer	David Mehren	2020-12-13 19:09:34 +0100
commit	2f5ca846059c0e572c6a84d80f60ff03e2f42fe6 (patch)
tree	ac83cae4a2a813646f9a947cb1bc26139f7a39a8 /docs
parent	70ff301e15b59dd786f3aa5bc9da46c7dc50b00d (diff)