diff options
-rw-r--r-- | .github/pull_request_template.md | 10 | ||||
-rw-r--r-- | .github/workflows/node.js.yml | 10 | ||||
-rw-r--r-- | docs/setup/reverse-proxy.md | 69 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | public/views/error.ejs | 1 | ||||
-rw-r--r-- | public/views/hedgedoc.ejs | 2 | ||||
-rw-r--r-- | public/views/hedgedoc/footer.ejs (renamed from public/views/hedgedoc/foot.ejs) | 0 | ||||
-rw-r--r-- | public/views/index.ejs | 1 | ||||
-rw-r--r-- | public/views/index/foot.ejs | 12 | ||||
-rw-r--r-- | public/views/index/footer.ejs | 12 | ||||
-rw-r--r-- | yarn.lock | 8 |
11 files changed, 100 insertions, 27 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fbc61e54..b5e478cf 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -6,12 +6,12 @@ This PR fixes/adds/improves/... ### Steps -<!-- please tick steps this PR performs (if something is not necessary, please tick anyway to indicate you considered it) --> +<!-- Please tick all steps this PR performs (if something is not necessary, please remove it) --> -- [ ] added implementation -- [ ] added / updated tests -- [ ] added / updated documentation -- [ ] extended changelog +- [ ] Added implementation +- [ ] Added / updated tests +- [ ] Added / updated documentation +- [ ] I read the [contribution documentation](https://github.com/hedgedoc/hedgedoc/blob/master/CONTRIBUTING.md) and signed-off my commits to accept the DCO. ### Related Issue(s) <!-- e.g #123 --> diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 1d7b59d5..bff19dad 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -78,5 +78,11 @@ jobs: ${{ runner.os }}-yarn- - run: yarn --frozen-lockfile --prefer-offline - run: yarn run build - - + - uses: actions/upload-artifact@v2 + if: github.ref == 'refs/heads/master' && matrix.node-version == '14.x' + with: + name: Prebuild with Node.js ${{ matrix.node-version }} + path: | + ** + !.git + !node_modules diff --git a/docs/setup/reverse-proxy.md b/docs/setup/reverse-proxy.md new file mode 100644 index 00000000..8262100a --- /dev/null +++ b/docs/setup/reverse-proxy.md @@ -0,0 +1,69 @@ +# Using a Reverse Proxy with HedgeDoc + +If you want to use a reverse proxy to serve HedgeDoc, here are the essential +configs that you'll have to do. + +This documentation will cover HTTPS setup, with comments for HTTP setup. + +## HedgeDoc config + +[Full explaination of the configuration options](../configuration.md) + +| `config.json` parameter | Environment variable | Value | Example | +|-------------------------|----------------------|-------|---------| +| `domain` | `CMD_DOMAIN` | The full domain where your instance will be available | `hedgedoc.example.com` | +| `host` | `CMD_HOST` | An ip or domain name that is only available to HedgeDoc and your reverse proxy | `localhost` | +| `port` | `CMD_PORT` | An available port number on that IP | `3000` | +| `path` | `CMD_PATH` | path to UNIX domain socket to listen on (if specified, `host` or `CMD_HOST` and `port` or `CMD_PORT` are ignored) | `/var/run/hedgedoc.sock` | +| `protocolUseSSL` | `CMD_PROTOCOL_USESSL` | `true` if you want to serve your instance over SSL (HTTPS), `false` if you want to use plain HTTP | `true` | +| `useSSL` | | `false`, the communications between HedgeDoc and the proxy are unencrypted | `false` | +| `urlAddPort` | `CMD_URL_ADDPORT` | `false`, HedgeDoc should not append its port to the URLs it links | `false` | +| `hsts.enable` | `CMD_HSTS_ENABLE` | `true` if you host over SSL, `false` otherwise | `true` | + + +## Reverse Proxy config + +### Generic + +The reverse proxy must allow websocket `Upgrade` requests at path `/sockets.io/`. + +It must pass through the scheme used by the client (http or https). + +### Nginx + +Here is an example configuration for Nginx. + +``` +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} +server { + server_name hedgedoc.example.com; + + location / { + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /socket.io/ { + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + + listen [::]:443 ssl http2; + listen 443 ssl http2; + ssl_certificate fullchain.pem; + ssl_certificate_key privkey.pem; + include options-ssl-nginx.conf; + ssl_dhparam ssl-dhparams.pem; +} +``` diff --git a/package.json b/package.json index 5533fea0..d4173f8a 100644 --- a/package.json +++ b/package.json @@ -175,7 +175,7 @@ "babel-polyfill": "6.26.0", "babel-preset-env": "1.7.0", "babel-runtime": "6.26.0", - "copy-webpack-plugin": "6.3.1", + "copy-webpack-plugin": "6.3.2", "css-loader": "3.6.0", "eslint": "5.16.0", "eslint-config-standard": "12.0.0", diff --git a/public/views/error.ejs b/public/views/error.ejs index e208d778..df951d4a 100644 --- a/public/views/error.ejs +++ b/public/views/error.ejs @@ -13,7 +13,6 @@ <h1><%- code %> <%- detail %> <small><%- msg %></small></h1> </div> </div> - <%- include hedgedoc/footer %> </body> </html> diff --git a/public/views/hedgedoc.ejs b/public/views/hedgedoc.ejs index cfedb2b5..f17150c4 100644 --- a/public/views/hedgedoc.ejs +++ b/public/views/hedgedoc.ejs @@ -8,7 +8,7 @@ <body> <%- include hedgedoc/header %> <%- include hedgedoc/body %> - <%- include hedgedoc/foot %> + <%- include hedgedoc/footer %> </body> </html> diff --git a/public/views/hedgedoc/foot.ejs b/public/views/hedgedoc/footer.ejs index 9d620e29..9d620e29 100644 --- a/public/views/hedgedoc/foot.ejs +++ b/public/views/hedgedoc/footer.ejs diff --git a/public/views/index.ejs b/public/views/index.ejs index 5732db4a..0da58bcd 100644 --- a/public/views/index.ejs +++ b/public/views/index.ejs @@ -9,7 +9,6 @@ <%- include index/header %> <%- include index/body %> <%- include index/footer %> - <%- include index/foot %> </body> </html> diff --git a/public/views/index/foot.ejs b/public/views/index/foot.ejs deleted file mode 100644 index 638f4930..00000000 --- a/public/views/index/foot.ejs +++ /dev/null @@ -1,12 +0,0 @@ -<% if(useCDN) { %> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/list.pagination.js/0.1.1/list.pagination.min.js" integrity="sha256-WwTza96H3BgcQTfEfxX7MFaFc/dZA0QrPRKDRLdFHJo=" crossorigin="anonymous" defer></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js" integrity="sha256-HzzZFiY4t0PIv02Tm8/R3CVvLpcjHhO1z/YAUCp4oQ4=" crossorigin="anonymous" defer></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/1000hz-bootstrap-validator/0.11.8/validator.min.js" integrity="sha256-LHeY7YoYJ0SSXbCx7sR14Pqna+52moaH3bhv0Mjzd/M=" crossorigin="anonymous" defer></script> -<%- include ../build/cover-scripts %> -<% } else { %> -<%- include ../build/cover-pack-scripts %> -<% } %>
\ No newline at end of file diff --git a/public/views/index/footer.ejs b/public/views/index/footer.ejs index e69de29b..638f4930 100644 --- a/public/views/index/footer.ejs +++ b/public/views/index/footer.ejs @@ -0,0 +1,12 @@ +<% if(useCDN) { %> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/list.pagination.js/0.1.1/list.pagination.min.js" integrity="sha256-WwTza96H3BgcQTfEfxX7MFaFc/dZA0QrPRKDRLdFHJo=" crossorigin="anonymous" defer></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js" integrity="sha256-HzzZFiY4t0PIv02Tm8/R3CVvLpcjHhO1z/YAUCp4oQ4=" crossorigin="anonymous" defer></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/1000hz-bootstrap-validator/0.11.8/validator.min.js" integrity="sha256-LHeY7YoYJ0SSXbCx7sR14Pqna+52moaH3bhv0Mjzd/M=" crossorigin="anonymous" defer></script> +<%- include ../build/cover-scripts %> +<% } else { %> +<%- include ../build/cover-pack-scripts %> +<% } %>
\ No newline at end of file @@ -2642,10 +2642,10 @@ copy-descriptor@^0.1.0: resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d" integrity sha1-Z29us8OZl8LuGsOpJP1hJHSPV40= -copy-webpack-plugin@6.3.1: - version "6.3.1" - resolved "https://registry.yarnpkg.com/copy-webpack-plugin/-/copy-webpack-plugin-6.3.1.tgz#ceb6e9c3e4910e63a774fd4a27451156775f6e2a" - integrity sha512-SyIMdP6H3v+zPU+VIhKRsK0ZEF82KZ93JBlKOoIW8SkkuI84FSrHxG+aMTE1u4csbi9PLRqqWTIK+bfJ2xsFuQ== +copy-webpack-plugin@6.3.2: + version "6.3.2" + resolved "https://registry.yarnpkg.com/copy-webpack-plugin/-/copy-webpack-plugin-6.3.2.tgz#0e920a6c181a5052aa6e2861b164bda03f83afeb" + integrity sha512-MgJ1uouLIbDg4ST1GzqrGQyKoXY5iPqi6fghFqarijam7FQcBa/r6Rg0VkoIuzx75Xq8iAMghyOueMkWUQ5OaA== dependencies: cacache "^15.0.5" fast-glob "^3.2.4" |