enhancement(caddy): expose :8080 by default, trust private proxies

This commit changes the Caddyfile to not directly rely on the
HD_BASE_URL environment variable, but instead default to port 8080 as
used in our package.json scripts and docs.
The caddy domain can optionally be overridden using the CADDY_HOST env
variable.
Furthermore, this change adds a section to trust reverse-proxies in
front of Caddy if they are in a private range IP address network.
Both these changes are required to be able to expose a local development
setup with another domain than localhost to a co-developer. With
this change it works without having Caddy trying to generate TLS
certificates for that domain nor HedgeDoc erroring about an origin
mismatch, that occurs as Caddy doesn't forward specific headers
otherwise.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Erik Michelson 2024-09-13 15:36:09 +02:00 committed by Philip Molares
parent f40aa020c4
commit e8793271a0
3 changed files with 30 additions and 14 deletions


@ -1,20 +1,31 @@
# #
# SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) # SPDX-FileCopyrightText: 2024 The HedgeDoc developers (see AUTHORS file)
# #
# SPDX-License-Identifier: AGPL-3.0-only # SPDX-License-Identifier: AGPL-3.0-only
# #
{$HD_BASE_URL} # Allow private ranges as proxies, for example when running Caddy behind another reverse proxy
# Otherwise Caddy strips the required X-Forwarded-Proto and X-Forwarded-Host headers
log { # This is a common scenario when exposing a local dev setup to someone else
output stdout {
level WARN servers {
format console trusted_proxies static private_ranges
}
} }
reverse_proxy /realtime http://localhost:{$HD_BACKEND_PORT:3000} # Use port 8080 by default, but allow overriding using CADDY_HOST env variable
reverse_proxy /api/* http://localhost:{$HD_BACKEND_PORT:3000} {$CADDY_HOST::8080} {
reverse_proxy /public/* http://localhost:{$HD_BACKEND_PORT:3000}
reverse_proxy /uploads/* http://localhost:{$HD_BACKEND_PORT:3000} log {
reverse_proxy /media/* http://localhost:{$HD_BACKEND_PORT:3000} output stdout
reverse_proxy /* http://localhost:{$HD_FRONTEND_PORT:3001} level WARN
format console
}
reverse_proxy /realtime http://localhost:{$HD_BACKEND_PORT:3000}
reverse_proxy /api/* http://localhost:{$HD_BACKEND_PORT:3000}
reverse_proxy /public/* http://localhost:{$HD_BACKEND_PORT:3000}
reverse_proxy /uploads/* http://localhost:{$HD_BACKEND_PORT:3000}
reverse_proxy /media/* http://localhost:{$HD_BACKEND_PORT:3000}
reverse_proxy /* http://localhost:{$HD_FRONTEND_PORT:3001}
}
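
Review bot: the `trusted_proxies static private_ranges` line in the global `servers` block carries no indication that it is meant for local development only, and it applies to every site this Caddyfile serves. With it, any client connecting from a private-range address can supply the X-Forwarded-Proto and X-Forwarded-Host values that HedgeDoc then relies on for its origin check. Consider stating in the comment that this file is a development configuration, or making the trusted range overridable with the same `{$VAR:default}` form used for the ports so it can be narrowed to the one upstream proxy. Separately, `{$CADDY_HOST::8080}` reads like a typo at first glance; a short note that the default value is `:8080` would help.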


@ -5,7 +5,7 @@
The following environment variables are recognized by the frontend process. The following environment variables are recognized by the frontend process.
| Name | Possible Values | Description | | Name | Possible Values | Description |
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |--------------------------|----------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| HD_BASE_URL | Any URL with protocol, domain and optionally directory and port. Must end with a trailing slash. (e.g. `http://localhost:3001/`) | The URL under which the frontend is expected. Setting this is mandatory so the server side rendering can generate assets URLs. You only need to set this yourself if you use the production mode. | | HD_BASE_URL | Any URL with protocol, domain and optionally directory and port. Must end with a trailing slash. (e.g. `http://localhost:3001/`) | The URL under which the frontend is expected. Setting this is mandatory so the server side rendering can generate assets URLs. You only need to set this yourself if you use the production mode. |
| HD_RENDERER_BASE_URL | Same as `HD_BASE_URL` | You can provide this variable if the renderer should use another domain than the editor. This is recommended for security reasons but not mandatory. This variable is optional and will fallback to `HD_BASE_URL` | | HD_RENDERER_BASE_URL | Same as `HD_BASE_URL` | You can provide this variable if the renderer should use another domain than the editor. This is recommended for security reasons but not mandatory. This variable is optional and will fallback to `HD_BASE_URL` |
| NEXT_PUBLIC_USE_MOCK_API | `true`, `false` | Will activate the mocked backend | | NEXT_PUBLIC_USE_MOCK_API | `true`, `false` | Will activate the mocked backend |
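
Review bot: the `HD_BASE_URL` row is left unchanged and still says "You only need to set this yourself if you use the production mode", while this commit's developer documentation tells readers to set `HD_BASE_URL` when using a domain other than `localhost:8080`. Since this hunk only realigns the separator row, consider updating the description in the same change so the two documents agree.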


@ -155,6 +155,11 @@ We recommend to use our pre-configured [Caddy][caddy] configuration.
(if you installed Caddy via a package manager). (if you installed Caddy via a package manager).
3. Open your browser on <http://localhost:8080> 3. Open your browser on <http://localhost:8080>
It is also possible to use another domain and port other than `localhost:8080`.
To do so, you need to set the `HD_BASE_URL` environment variable accordingly.
Furthermore, for Caddy to work with a domain name (possibly creating TLS certificates),
set `CADDY_HOST` to your domain (for example `CADDY_HOST=http://my-hedgedoc.home:9000`).
[hedgedoc-repo]: https://github.com/hedgedoc/hedgedoc [hedgedoc-repo]: https://github.com/hedgedoc/hedgedoc
[yarn]: https://yarnpkg.com/getting-started/install [yarn]: https://yarnpkg.com/getting-started/install
[caddy]: https://caddyserver.com/ [caddy]: https://caddyserver.com/
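
Review bot: in the added paragraph, "(possibly creating TLS certificates)" does not say when Caddy will request certificates, and the example `CADDY_HOST=http://my-hedgedoc.home:9000` uses an explicit `http://` scheme without explaining why. The commit message gives avoiding certificate generation as a goal, so state which form of `CADDY_HOST` keeps plain HTTP and which enables TLS. It would also help to show the matching `HD_BASE_URL` value next to it, including the trailing slash the frontend documentation requires.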