Update reverse-proxy.md #5241
Open
Update reverse-proxy.md #5241
+57
−58
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
few suggestions to help reading ^^ Signed-off-by: pun kyard <[email protected]>
szaimen
added
3. to review
docjyJ
reviewed
Sep 11, 2024
| @@ -2,23 +2,23 @@ | |||
|
|
|||
| **Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! | |||
There was a problem hiding this comment.
Suggested change
| **Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! | |
| > [!NOTE] | |
| > The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! |
reverse-proxy.md
Outdated
| @@ -2,23 +2,23 @@ | |||
|
|
|||
| **Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome! | |||
|
|
|||
| A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network). | |||
| A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically the entry point of a web server. It allows other computers to access the [private subnet](https://en.wikipedia.org/wiki/Private_network) of the web server over the Internet. | |||
There was a problem hiding this comment.
I'm not sure. A reverse proxy is not a web server. It's an entry point for receiving, modifying and transmitting network requests (not only http, and not necessarily to a private network).
In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.
A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Reverse proxies forward requests to one or more ordinary servers that handle the request.
There was a problem hiding this comment.
sorry, my mistake, somehow my sentence was truncated:
"A reverse proxy is basically a software service that can be thought of as the gateway of a web server that enables computers on the internet to access a service or web-site in a [private subnet] of that web server.
|
|
||
| In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. | ||
| In order to run Nextcloud behind a web server / reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to 1. specify the port that AIO's integrated Apache container shall use 2. add a specific config to your web server / reverse proxy 3. modify the startup command a bit. All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private server to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. |
There was a problem hiding this comment.
Suggested change
| In order to run Nextcloud behind a web server / reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to 1. specify the port that AIO's integrated Apache container shall use 2. add a specific config to your web server / reverse proxy 3. modify the startup command a bit. All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private server to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. | |
| In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to \n 1. specify the port that AIO's integrated Apache container shall use \n 2. add a specific config to your web server or reverse proxy \n 3. modify the startup command a bit. \n All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. |
I added \n so that the difference is visible in the github interface. Adding real newlines marks the entire text as modified.
There was a problem hiding this comment.
you could also use the
tag
| @@ -145,15 +145,15 @@ https://<your-nc-domain>:443 { | |||
| reverse_proxy localhost:11000 | |||
| } | |||
| ``` | |||
| The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container. | |||
| The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `docker-compose.yaml` file prior to starting the container. | |||
There was a problem hiding this comment.
Since compose files are used by multiple backends, compose.yaml is more relevant. See:
https://github.com/compose-spec/compose-spec/blob/231b09c30d339e950c0da17fe5bdc793366b8fde/03-compose-file.md?plain=1#L11-L13
|
|
||
| <details> | ||
|
|
||
| <summary>click here to expand</summary> | ||
|
|
||
| First, please make sure that the environmental variables `PUID` and `PGID` in the compose.yaml file for NPM are either unset or set to `0`. | ||
| First, make sure the environmental variables `PUID` and `PGID` in the docker-compose.yaml file for NPM are either unset or set to `0`. |
| @@ -393,19 +393,19 @@ server { | |||
|
|
|||
| ``` | |||
|
|
|||
| ⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. | |||
| ⚠️ **Please note:** look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. | |||
There was a problem hiding this comment.
I find it weird, but I'm not a native English speaker so I'm not sure.
| @@ -528,35 +526,35 @@ httpServer.on('upgrade', (req, socket, head) => { | |||
| }); | |||
| ``` | |||
|
|
|||
| ⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. | |||
| ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. | |||
There was a problem hiding this comment.
Here it has not been changed?
|
|
||
| After adjusting your reverse proxy config, use the following command to start AIO:<br> | ||
|
|
||
| (For a docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).) | ||
| (For a docker-compose.yml example, see the example further [below](#inspiration-for-a-docker-compose-file).) |
There was a problem hiding this comment.
Suggested change
| (For a docker-compose.yml example, see the example further [below](#inspiration-for-a-docker-compose-file).) | |
| (For a `compose.yaml` example, see the example further [below](#inspiration-for-a-docker-compose-file).) |
update on reverse proxy definition Signed-off-by: pun kyard <[email protected]>
docjyJ
reviewed
Sep 28, 2024
|
|
||
| **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). | ||
| **Please note:** Deploying the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). |
There was a problem hiding this comment.
I think publishing is better than deploying because it is deploying the interface without publishing it.
szaimen
added
2. developing
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
few suggestions to help reading ^^