-
Notifications
You must be signed in to change notification settings - Fork 611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update reverse-proxy.md #5241
base: main
Are you sure you want to change the base?
Update reverse-proxy.md #5241
Conversation
few suggestions to help reading ^^ Signed-off-by: pun kyard <[email protected]>
@@ -2,23 +2,23 @@ | |||
|
|||
**Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
**Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! | |
> [!NOTE] | |
> The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! |
reverse-proxy.md
Outdated
@@ -2,23 +2,23 @@ | |||
|
|||
**Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! | |||
|
|||
A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network). | |||
A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically the entry point of a web server. It allows other computers to access the [private subnet](https://en.wikipedia.org/wiki/Private_network) of the web server over the Internet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure. A reverse proxy is not a web server. It's an entry point for receiving, modifying and transmitting network requests (not only http, and not necessarily to a private network).
In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.
A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Reverse proxies forward requests to one or more ordinary servers that handle the request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry, my mistake, somehow my sentence was truncated:
"A reverse proxy is basically a software service that can be thought of as the gateway of a web server that enables computers on the internet to access a service or web-site in a [private subnet] of that web server.
|
||
In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. | ||
In order to run Nextcloud behind a web server / reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to 1. specify the port that AIO's integrated Apache container shall use 2. add a specific config to your web server / reverse proxy 3. modify the startup command a bit. All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private server to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In order to run Nextcloud behind a web server / reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to 1. specify the port that AIO's integrated Apache container shall use 2. add a specific config to your web server / reverse proxy 3. modify the startup command a bit. All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private server to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. | |
In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to \n 1. specify the port that AIO's integrated Apache container shall use \n 2. add a specific config to your web server or reverse proxy \n 3. modify the startup command a bit. \n All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. |
I added \n so that the difference is visible in the github interface. Adding real newlines marks the entire text as modified.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you could also use the
tag
@@ -145,15 +145,15 @@ https://<your-nc-domain>:443 { | |||
reverse_proxy localhost:11000 | |||
} | |||
``` | |||
The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container. | |||
The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `docker-compose.yaml` file prior to starting the container. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since compose files are used by multiple backends, compose.yaml
is more relevant. See:
https://github.com/compose-spec/compose-spec/blob/231b09c30d339e950c0da17fe5bdc793366b8fde/03-compose-file.md?plain=1#L11-L13
|
||
<details> | ||
|
||
<summary>click here to expand</summary> | ||
|
||
First, please make sure that the environmental variables `PUID` and `PGID` in the compose.yaml file for NPM are either unset or set to `0`. | ||
First, make sure the environmental variables `PUID` and `PGID` in the docker-compose.yaml file for NPM are either unset or set to `0`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same
@@ -393,19 +393,19 @@ server { | |||
|
|||
``` | |||
|
|||
⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. | |||
⚠️ **Please note:** look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find it weird, but I'm not a native English speaker so I'm not sure.
@@ -528,35 +526,35 @@ httpServer.on('upgrade', (req, socket, head) => { | |||
}); | |||
``` | |||
|
|||
⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. | |||
⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here it has not been changed?
|
||
After adjusting your reverse proxy config, use the following command to start AIO:<br> | ||
|
||
(For a docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).) | ||
(For a docker-compose.yml example, see the example further [below](#inspiration-for-a-docker-compose-file).) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(For a docker-compose.yml example, see the example further [below](#inspiration-for-a-docker-compose-file).) | |
(For a `compose.yaml` example, see the example further [below](#inspiration-for-a-docker-compose-file).) |
update on reverse proxy definition Signed-off-by: pun kyard <[email protected]>
|
||
**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). | ||
**Please note:** Deploying the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think publishing is better than deploying because it is deploying the interface without publishing it.
few suggestions to help reading ^^