eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-20 14:36:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #1741 from hunhejj/patch-4

Browse source 
Rewrite Traefik examples using YAML
This commit is contained in:
Simon L 2023-01-14 11:10:41 +01:00 committed by GitHub
commit 37ece73dc2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 51 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

77
reverse-proxy.md
View file

@ -356,51 +356,64 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
1. Add a `nextcloud.toml` to the Treafik rules folder with the following content: The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
```toml 1. Add a `nextcloud.yml` to the Treafik rules folder with the following content
[http.routers]
[http.routers.nc-rtr]
entryPoints = ["https"]
rule = "Host(<your-nc-domain>)"
service = "nc-svc"
middlewares = ["chain-nc"]
[http.routers.nc-rtr.tls]
certresolver = "le"
[http.services] ```yml
[http.services.nc-svc] http:
[http.services.nc-svc.loadBalancer] routers:
passHostHeader = true nextcloud:
[[http.services.nc-svc.loadBalancer.servers]] rule: "Host(<your-nextcloud-domain>)"
url = "http://localhost:11000" entrypoints:
- "https"
service: nextcloud
middlewares:
- nextcloud-chain
tls:
certresolver: "le"
services:
nextcloud:
loadBalancer:
servers:
- url: "http://localhost:11000"
``` ```
2. Add to the bottom of the `middlewares.toml` file in the Treafik rules folder the following content: 2. Add to the bottom of the `middlewares.yml` file in the Treafik rules folder the following content:
```toml ```yml
[http.middlewares.nc-middlewares-secure-headers] http:
[http.middlewares.nc-middlewares-secure-headers.headers] middlewares:
hostsProxyHeaders = ["X-Forwarded-Host"] nextcloud-secure-headers:
referrerPolicy = "same-origin" headers:
[http.middlewares.nc-middlewares-secure-headers.headers.customResponseHeaders] hostsProxyHeaders:
X-Robots-Tag = "none" - "X-Forwarded-Host"
referrerPolicy: "same-origin"
customResponseHeaders:
X-Robots-Tag: "none"
[http.middlewares.https-redirect.redirectscheme] https-redirect:
scheme = "https" redirectscheme:
scheme: https
``` ```
3. Add to the bottom of the `middleware-chains.toml` file in the Traefik rules folder the following content: 3. Add to the bottom of the `middleware-chains.yml` file in the Traefik rules folder the following content:
```toml ```yml
[http.middlewares.chain-nc] http:
[http.middlewares.chain-nc.chain] middlewares:
middlewares = [ "https-redirect", "nc-middlewares-secure-headers"] nextcloud-chain:
chain:
middlewares:
# - ... (e.g. rate limiting middleware)
- "https-redirect"
- "nextcloud-secure-headers"
``` ```
--- ---
Of course you need to modify `<your-nc-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux) Of course you need to modify `<your-nextcloud-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
</details> </details>