From 7a3122f25c85e46ca31d8d0b0a2a85aaee7883fe Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 8 Oct 2020 09:27:28 +0200
Subject: [PATCH] docs: add reverse-proxy example config, fix outpost docker-compose
---
 docs/installation/reverse-proxy.md | 42 ++++++++++++++++++++++++++
 docs/outposts/deploy-docker-compose.md | 2 +-
 mkdocs.yml | 27 +++++++++--------
 3 files changed, 57 insertions(+), 14 deletions(-)
 create mode 100644 docs/installation/reverse-proxy.md
diff --git a/docs/installation/reverse-proxy.md b/docs/installation/reverse-proxy.md
new file mode 100644
index 000000000..aee7773bd
--- /dev/null
+++ b/docs/installation/reverse-proxy.md
@@ -0,0 +1,42 @@
+# passbook behind a reverse-proxy
+
+If you want to access passbook behind a reverse-proxy, use a config like this. It is important that Websocket is enabled, so that Outposts can connect.
+
+```
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ # Server config
+ listen 80;
+ server_name sso.domain.tld;
+
+ # 301 to SSL
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+server {
+ # Server config
+ listen 443 ssl http2;
+ server_name sso.domain.tld;
+
+ # SSL Certs
+ ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
+
+ # Proxy site
+ location / {
+ proxy_pass https://;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Port 443;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+}
+```
diff --git a/docs/outposts/deploy-docker-compose.md b/docs/outposts/deploy-docker-compose.md
index 3d8aa44b7..081aec3de 100644
--- a/docs/outposts/deploy-docker-compose.md
+++ b/docs/outposts/deploy-docker-compose.md
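Review bot: In the new docs/installation/reverse-proxy.md example, the `location /` block of the 443 server proxies to an `https://` upstream without `proxy_ssl_verify`, and nginx leaves upstream certificate verification off by default, so the hop to passbook is encrypted but not authenticated. Unless proxy and passbook share a host, the example should add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <path-to-CA-bundle>;`, or state plainly that the backend certificate is not checked. As it reads here, `proxy_pass https://;` has no upstream host at all; a clearly labelled placeholder would keep the snippet copyable. `proxy_set_header Host $http_host;` forwards the Host header exactly as the client sent it, which matters if this server block ends up as the default for port 443; `$host` is the more conservative value unless passbook needs the port.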
@@ -5,7 +5,7 @@ To deploy an outpost with docker-compose, use this snippet in your docker-compo
 You can also run the outpost in a separate docker-compose project, you just have to ensure that the outpost container can reach your application container.
 ```yaml
-version: 3.5
+version: '3.5'
 services:
 passbook_proxy:
diff --git a/mkdocs.yml b/mkdocs.yml
index 8915df5b9..e531a1c8a 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -8,23 +8,24 @@ nav:
 - Installation:
 - docker-compose: installation/docker-compose.md
 - Kubernetes: installation/kubernetes.md
+ - Reverse Proxy: installation/reverse-proxy.md
 - Flows:
 Overview: flow/flows.md
 Examples: flow/examples/examples.md
 - Stages:
- - Captcha Stage: flow/stages/captcha/index.md
- - Dummy Stage: flow/stages/dummy/index.md
- - Email Stage: flow/stages/email/index.md
- - Identification Stage: flow/stages/identification/index.md
- - Invitation Stage: flow/stages/invitation/index.md
- - OTP Stage: flow/stages/otp/index.md
- - Password Stage: flow/stages/password/index.md
- - Prompt Stage: flow/stages/prompt/index.md
- - Prompt Stage Validation: flow/stages/prompt/validation.md
- - User Delete Stage: flow/stages/user_delete.md
- - User Login Stage: flow/stages/user_login.md
- - User Logout Stage: flow/stages/user_logout.md
- - User Write Stage: flow/stages/user_write.md
+ - Captcha Stage: flow/stages/captcha/index.md
+ - Dummy Stage: flow/stages/dummy/index.md
+ - Email Stage: flow/stages/email/index.md
+ - Identification Stage: flow/stages/identification/index.md
+ - Invitation Stage: flow/stages/invitation/index.md
+ - OTP Stage: flow/stages/otp/index.md
+ - Password Stage: flow/stages/password/index.md
+ - Prompt Stage: flow/stages/prompt/index.md
+ - Prompt Stage Validation: flow/stages/prompt/validation.md
+ - User Delete Stage: flow/stages/user_delete.md
+ - User Login Stage: flow/stages/user_login.md
+ - User Logout Stage: flow/stages/user_logout.md
+ - User Write Stage: flow/stages/user_write.md
 - Sources: sources.md
 - Providers:
 - OAuth2: providers/oauth2.md