From 2f5ca846059c0e572c6a84d80f60ff03e2f42fe6 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 13 Dec 2020 19:07:26 +0100 Subject: Document reverse proxy config for Apache As we found out in #616, Apache does not set the `X-Forwarded-Proto` header, which is now required because we switched to secure cookies in 383d791a50919bb9890a3f3f797ecc95125ab8bf. Signed-off-by: David Mehren --- docs/setup/reverse-proxy.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/setup/reverse-proxy.md b/docs/setup/reverse-proxy.md index 8262100a..f6352ac0 100644 --- a/docs/setup/reverse-proxy.md +++ b/docs/setup/reverse-proxy.md @@ -67,3 +67,29 @@ server { ssl_dhparam ssl-dhparams.pem; } ``` +### Apache +You will need these modules enabled: `proxy`, `proxy_http` and `proxy_wstunnel`. +Here is an example config snippet: +``` + + ServerName hedgedoc.example.com + + RewriteEngine on + RewriteCond %{REQUEST_URI} ^/socket.io [NC] + RewriteCond %{HTTP:Upgrade} =websocket [NC] + RewriteRule /(.*) ws://127.0.0.1:3000/$1 [P,L] + + ProxyPass / http://127.0.0.1:3000/ + ProxyPassReverse / http://127.0.0.1:3000/ + + RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLCertificateFile /etc/letsencrypt/live/hedgedoc.example.com/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/hedgedoc.example.com/privkey.pem + Include /etc/letsencrypt/options-ssl-apache.conf + +``` + -- cgit v1.2.3 From 22d2bf00fc1e69dda27ba436ad34bc5265ce4b83 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 13 Dec 2020 19:07:47 +0100 Subject: Fix typo in reverse proxy docs Signed-off-by: David Mehren --- docs/setup/reverse-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/setup/reverse-proxy.md b/docs/setup/reverse-proxy.md index f6352ac0..b1e7f32f 100644 --- a/docs/setup/reverse-proxy.md +++ b/docs/setup/reverse-proxy.md @@ -7,7 +7,7 @@ This documentation will cover HTTPS setup, with comments for HTTP setup. ## HedgeDoc config -[Full explaination of the configuration options](../configuration.md) +[Full explanation of the configuration options](../configuration.md) | `config.json` parameter | Environment variable | Value | Example | |-------------------------|----------------------|-------|---------| -- cgit v1.2.3