mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-21 09:16:30 -05:00
enhancement(caddy): expose :8080 by default, trust private proxies
This commit changes the caddyfile to not directly rely on the HD_BASE_URL environment variable, but instead default to port 8080 as used in our package.json scripts and docs. The caddy domain can optionally be overridden using the CADDY_HOST env variable.

Furthermore, this change adds a section to trust reverse-proxies in front of Caddy if they are in a private range IP address network.

Both these changes are required to be able to expose a local development setup with another domain than localhost to a co-developer. With this change it works without having Caddy trying to generate TLS certificates for that domain nor HedgeDoc erroring about an origin mismatch, that occurs as Caddy doesn't forward specific headers otherwise.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
parent f40aa020c4
commit e8793271a0
3 changed files with 30 additions and 14 deletions
|
@ -1,10 +1,20 @@
|
||||||
#
|
#
|
||||||
# SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
|
# SPDX-FileCopyrightText: 2024 The HedgeDoc developers (see AUTHORS file)
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
#
|
#
|
||||||
|
|
||||||
{$HD_BASE_URL}
|
# Allow private ranges as proxies, for example when running Caddy behind another reverse proxy
|
||||||
|
# Otherwise Caddy strips the required X-Forwarded-Proto and X-Forwarded-Host headers
|
||||||
|
# This is a common scenario when exposing a local dev setup to someone else
|
||||||
|
{
|
||||||
|
servers {
|
||||||
|
trusted_proxies static private_ranges
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Use port 8080 by default, but allow overriding using CADDY_HOST env variable
|
||||||
|
{$CADDY_HOST::8080} {
|
||||||
|
|
||||||
log {
|
log {
|
||||||
output stdout
|
output stdout
|
||||||
|
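Review bot: `trusted_proxies static private_ranges` sits in the global options block, so it applies to every site in this Caddyfile and to every run, not only to the shared-dev case the comment describes. Any client that reaches Caddy from a private-range address (another host on the LAN, a container on the same bridge) then has its `X-Forwarded-Proto` and `X-Forwarded-Host` values passed through instead of stripped. Suggest saying in the comment that this is a development-only default and that a real deployment should replace `private_ranges` with the address of its actual upstream proxy. A short remark that `{$CADDY_HOST::8080}` means variable `CADDY_HOST` with default `:8080` would also help, since the double colon reads like a typo.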
@ -18,3 +28,4 @@ reverse_proxy /public/* http://localhost:{$HD_BACKEND_PORT:3000}
|
||||||
reverse_proxy /uploads/* http://localhost:{$HD_BACKEND_PORT:3000}
|
reverse_proxy /uploads/* http://localhost:{$HD_BACKEND_PORT:3000}
|
||||||
reverse_proxy /media/* http://localhost:{$HD_BACKEND_PORT:3000}
|
reverse_proxy /media/* http://localhost:{$HD_BACKEND_PORT:3000}
|
||||||
reverse_proxy /* http://localhost:{$HD_FRONTEND_PORT:3001}
|
reverse_proxy /* http://localhost:{$HD_FRONTEND_PORT:3001}
|
||||||
|
}
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
The following environment variables are recognized by the frontend process.
|
The following environment variables are recognized by the frontend process.
|
||||||
|
|
||||||
| Name | Possible Values | Description |
|
| Name | Possible Values | Description |
|
||||||
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|--------------------------|----------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| HD_BASE_URL | Any URL with protocol, domain and optionally directory and port. Must end with a trailing slash. (e.g. `http://localhost:3001/`) | The URL under which the frontend is expected. Setting this is mandatory so the server side rendering can generate assets URLs. You only need to set this yourself if you use the production mode. |
|
| HD_BASE_URL | Any URL with protocol, domain and optionally directory and port. Must end with a trailing slash. (e.g. `http://localhost:3001/`) | The URL under which the frontend is expected. Setting this is mandatory so the server side rendering can generate assets URLs. You only need to set this yourself if you use the production mode. |
|
||||||
| HD_RENDERER_BASE_URL | Same as `HD_BASE_URL` | You can provide this variable if the renderer should use another domain than the editor. This is recommended for security reasons but not mandatory. This variable is optional and will fallback to `HD_BASE_URL` |
|
| HD_RENDERER_BASE_URL | Same as `HD_BASE_URL` | You can provide this variable if the renderer should use another domain than the editor. This is recommended for security reasons but not mandatory. This variable is optional and will fallback to `HD_BASE_URL` |
|
||||||
| NEXT_PUBLIC_USE_MOCK_API | `true`, `false` | Will activate the mocked backend |
|
| NEXT_PUBLIC_USE_MOCK_API | `true`, `false` | Will activate the mocked backend |
|
||||||
|
|
|
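Review bot: The only change in this hunk is the table separator row, rewritten from the padded `| --- |` form to the compact `|---|` form, which is unrelated to the Caddy change. Suggest dropping it from this commit or moving it to a formatting-only commit, so the history of this file shows only the documentation that actually changed.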
@ -155,6 +155,11 @@ We recommend to use our pre-configured [Caddy][caddy] configuration.
|
||||||
(if you installed Caddy via a package manager).
|
(if you installed Caddy via a package manager).
|
||||||
3. Open your browser on <http://localhost:8080>
|
3. Open your browser on <http://localhost:8080>
|
||||||
|
|
||||||
|
It is also possible to use another domain and port other than `localhost:8080`.
|
||||||
|
To do so, you need to set the `HD_BASE_URL` environment variable accordingly.
|
||||||
|
Furthermore, for Caddy to work with a domain name (possibly creating TLS certificates),
|
||||||
|
set `CADDY_HOST` to your domain (for example `CADDY_HOST=http://my-hedgedoc.home:9000`).
|
||||||
|
|
||||||
[hedgedoc-repo]: https://github.com/hedgedoc/hedgedoc
|
[hedgedoc-repo]: https://github.com/hedgedoc/hedgedoc
|
||||||
[yarn]: https://yarnpkg.com/getting-started/install
|
[yarn]: https://yarnpkg.com/getting-started/install
|
||||||
[caddy]: https://caddyserver.com/
|
[caddy]: https://caddyserver.com/
|
||||||
|
|
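Review bot: The added paragraph's "(possibly creating TLS certificates)" does not tell the reader when Caddy will request a certificate, although avoiding that is one of the stated goals of the commit. The example `CADDY_HOST=http://my-hedgedoc.home:9000` works because the explicit `http://` scheme keeps Caddy from enabling automatic HTTPS for that site; a bare domain would trigger certificate issuance. Suggest spelling that out, and adding one sentence that the Caddyfile now trusts forwarded headers from private-range proxies, since that is the part a reader needs to know before exposing the setup to someone else. "another domain and port other than" can also be tightened to "a domain and port other than".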