From aaed69252b399aa66bdcd5b3723f44cdb6ec4484 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Tue, 18 Dec 2018 20:41:06 +0100 Subject: Support of proxies with subfolder / path rules (#2191) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Support HTTP_X_FORWARDED_PREFIX HTTP_X_FORWARDED_HOST Improve Docker/Træfik for rules based on path/sub-folder --- Docker/README.md | 14 ++++++++------ lib/Minz/Request.php | 7 ++++++- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/Docker/README.md b/Docker/README.md index 6745de141..d60787c75 100644 --- a/Docker/README.md +++ b/Docker/README.md @@ -49,17 +49,17 @@ sudo docker run -d --restart unless-stopped --log-opt max-size=10m \ --name traefik traefik --docker \ --entryPoints='Name:http Address::80 Compress:true Redirect.EntryPoint:https' \ --entryPoints='Name:https Address::443 Compress:true TLS TLS.MinVersion:VersionTLS12 TLS.SniStrict:true TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' \ - --defaultentrypoints=http,https \ - --acme=true --acme.entrypoint=https --acme.onhostrule=true --acme.tlsChallenge --acme.storage=/etc/traefik/acme/acme.json \ - --acme.email=you@example.net + --defaultentrypoints=http,https --keeptrailingslash=true \ + --acme=true --acme.entrypoint=https --acme.onhostrule=true --acme.tlsChallenge \ + --acme.storage=/etc/traefik/acme/acme.json --acme.email=you@example.net ``` See [more information about Docker and Let’s Encrypt in Træfik](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/). ## Run FreshRSS -Example using a dedicated domain (rules based on sub-folders are also possible in Træfik), and the built-in refresh cron job (see further below for alternatives). -For this configuration, you must first create your domain or sub-domain `freshrss.example.net`. +Example using the built-in refresh cron job (see further below for alternatives). +You must first chose a domain (DNS) or sub-domain, e.g. `freshrss.example.net`. ```sh sudo docker volume create freshrss-data @@ -76,8 +76,10 @@ sudo docker run -d --restart unless-stopped --log-opt max-size=10m \ --name freshrss freshrss/freshrss ``` +* If you cannot have FreshRSS at the root of a dedicated domain, update the command above according to the following model: + `--label traefik.frontend.rule='Host:freshrss.example.net;PathPrefixStrip:/FreshRSS/' \` +* You may remove the `--label traefik.*` lines if you do not use Træfik. * Add `-p 8080:80 \` if you want to expose FreshRSS locally, e.g. on port `8080`. -* You can remove the `--label traefik.*` lines if you do not use Træfik. This already works with a built-in **SQLite** database (easiest), but more powerful databases are supported: diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 24e30546f..8b2b610d6 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -118,7 +118,9 @@ class Minz_Request { $https = self::isHttps(); - if (!empty($_SERVER['HTTP_HOST'])) { + if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) { + $host = parse_url('http://' . $_SERVER['HTTP_X_FORWARDED_HOST'], PHP_URL_HOST); + } elseif (!empty($_SERVER['HTTP_HOST'])) { //Might contain a port number, and mind IPv6 addresses $host = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST); } elseif (!empty($_SERVER['SERVER_NAME'])) { @@ -142,6 +144,9 @@ class Minz_Request { } else { $url .= '://' . $host . ($port == 80 ? '' : ':' . $port); } + if (!empty($_SERVER['HTTP_X_FORWARDED_PREFIX'])) { + $url .= rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ '); + } if (isset($_SERVER['REQUEST_URI'])) { $path = $_SERVER['REQUEST_URI']; $url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path); -- cgit v1.2.3