From 2f5ca846059c0e572c6a84d80f60ff03e2f42fe6 Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Sun, 13 Dec 2020 19:07:26 +0100
Subject: Document reverse proxy config for Apache

As we found out in #616, Apache does not set the `X-Forwarded-Proto` header, which is now required because we switched to secure cookies in 383d791a50919bb9890a3f3f797ecc95125ab8bf.

Signed-off-by: David Mehren
---
 docs/setup/reverse-proxy.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
(limited to 'docs')
diff --git a/docs/setup/reverse-proxy.md b/docs/setup/reverse-proxy.md
index 8262100a..f6352ac0 100644
--- a/docs/setup/reverse-proxy.md
+++ b/docs/setup/reverse-proxy.md
@@ -67,3 +67,29 @@ server {
 ssl_dhparam ssl-dhparams.pem;
 }
 ```
+### Apache
+You will need these modules enabled: `proxy`, `proxy_http` and `proxy_wstunnel`.
+Here is an example config snippet:
+```
+
+ ServerName hedgedoc.example.com
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_URI} ^/socket.io [NC]
+ RewriteCond %{HTTP:Upgrade} =websocket [NC]
+ RewriteRule /(.*) ws://127.0.0.1:3000/$1 [P,L]
+
+ ProxyPass / http://127.0.0.1:3000/
+ ProxyPassReverse / http://127.0.0.1:3000/
+
+ RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLCertificateFile /etc/letsencrypt/live/hedgedoc.example.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/hedgedoc.example.com/privkey.pem
+ Include /etc/letsencrypt/options-ssl-apache.conf
+
+```
+
-- cgit v1.2.3