-
-
Notifications
You must be signed in to change notification settings - Fork 172
Reverse Proxy
Ferdinand Mütsch edited this page Jan 17, 2022
·
3 revisions
These examples show how to run Wakapi behind a reverse, which is the recommended way of exposing your instance to the public. It assumes the Wakapi server listens on 127.0.0.1:3000 and you are using Let's Encrypt for SSL certificates.
See Caddyfile as an example.
When wanting to run a Wakapi under a sub-path of a domain (e.g. example.org/wakapi), configuration varies slightly. Here is an exemplary Caddyfile excerpt.
example.org {
route /wakapi* {
# optionally include other configuration options, like security headers, logging, server push, ...
uri strip_prefix /wakapi
reverse_proxy http://localhost:3000
}
}In addition, you need to set WAKAPI_BASE_PATH (or server.base_path, respectively) to the sub-path, in this case /wakapi.
upstream wakapi {
server localhost:3000;
}
server {
listen 443 ssl http2;
server_name wakapi.example.org;
gzip on;
ssl_certificate /etc/letsencrypt/live/wakapi.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wakapi.example.org/privkey.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_cache shared:MySSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://wakapi;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}<VirtualHost *:443>
ServerName wakapi.example.org
SSLProxyEngine On
ProxyPass / https://localhost:3000/
ProxyPassReverse / https://localhost:3000/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/wakapi.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/wakapi.example.org/privkey.pem
# Requires mod_remoteip to be enabled
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
</VirtualHost>