diff options
| author |  Creak <romain.failliot@foolstep.com>
| 2021-02-11 11:45:11 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2021-02-11 17:45:11 +0100 |
| commit | 13688825f2d76cb718774b122111a31aa071c51e (patch) | |
| tree | 007e8e935d0b1e4cef02a4e27af8bef4cdc2991b /Docker | |
| parent | 13b03b232ba9a5b3c30784adc3a8bf8f03b90f63 (diff) | |
Fix nginx config (#3438)
* Fix nginx config
* Remove `proxy_cookie_path`
* Add `proxy_set_header X-Forwarded-Prefix` for the subdirectory config
* Add nginx config when hosted as domain root
* Add `/` at the end of `proxy_pass`
Diffstat (limited to 'Docker')
| -rw-r--r-- | Docker/README.md | 53 |
1 files changed, 49 insertions, 4 deletions
diff --git a/Docker/README.md b/Docker/README.md index 671335a3c..fe414cc34 100644 --- a/Docker/README.md +++ b/Docker/README.md @@ -302,8 +302,9 @@ docker-compose up -d ### Alternative reverse proxy using [nginx](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) +#### Hosted in a subdirectory + Here is an example of configuration to run FreshRSS behind an Nginx reverse proxy (as subdirectory). -In particular, the proxy should be setup to allow cookies via HTTP headers (see `proxy_cookie_path` below) to allow logging in via the Web form method. ``` upstream freshrss { @@ -325,9 +326,6 @@ server { # Other SSL stuff goes here - # Needed for Freshrss cookie/session : - proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=Lax"; - location / { try_files $uri $uri/ =404; index index.htm index.html; @@ -341,6 +339,52 @@ server { proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Prefix /freshrss/; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_read_timeout 90; + + # Forward the Authorization header for the Google Reader API. + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } +} +``` + +#### Hosted as domain root + +Here is an example of configuration to run FreshRSS behind an Nginx reverse proxy (as domain root). + +``` +upstream freshrss { + server 127.0.0.1:8080; + keepalive 64; +} + +server { + listen 80; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name mywebsite.example.net; + listen 443 ssl http2; + + # Other SSL stuff goes here + + location / { + # The final `/` is important. + proxy_pass http://freshrss/; + add_header X-Frame-Options SAMEORIGIN; + add_header X-XSS-Protection "1; mode=block"; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; @@ -352,6 +396,7 @@ server { } } ``` + ### Alternative reverse proxy using [Apache 2.4](https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html) Here is an example of a configuration file for running FreshRSS behind an Apache reverse proxy (as a subdirectory). |