diff --git a/docs/devops-guide/docker.md b/docs/devops-guide/docker.md index 959a3c53a..7de848b05 100644 --- a/docs/devops-guide/docker.md +++ b/docs/devops-guide/docker.md @@ -854,6 +854,8 @@ Due to the hop-by-hop nature of WebSockets the reverse proxy must properly termi * /xmpp-websocket * /colibri-ws +### nginx + With nginx, these routes can be forwarded using the following config snippet: ```nginx @@ -881,27 +883,47 @@ location /http-bind { proxy_set_header Connection "upgrade"; } ``` +where `https://localhost:8443/` is the url of the web service's ingress. + +### Apache + +With Apache, `mod_proxy` and `mod_proxy_wstunnel` need to be enabled. -With apache, `mod_proxy` and `mod_proxy_wstunnel` need to be enabled and these routes can be forwarded using the following config snippet: +Then, HTTPS must be disabled in the Docker Compose configuration (since HTTPS will probably not work on localhost): + +```bash +DISABLE_HTTPS=1 +ENABLE_HTTP_REDIRECT=0 +ENABLE_LETS_ENCRYPT=0 +``` + +Finally, the reverse proxy must be configured using the following config snippet: ```apache ProxyTimeout 900 - - ProxyPass "wss://localhost:8443/xmpp-websocket" - - - ProxyPass "wss://localhost:8443/colibri-ws/" - - - ProxyPass "http://localhost:8443/http-bind" - + ProxyPass /xmpp-websocket ws://localhost:8000/xmpp-websocket + ProxyPass /colibri-ws/ ws://localhost:8000/colibri-ws/ + ProxyPass / http://localhost:8000/ + ProxyPassReverse / http://localhost:8000/ ``` -where `https://localhost:8443/` is the url of the web service's ingress. +where `http://localhost:8000/` is the url of the web service's ingress. + +Note that HTTP_PORT and HTTPS_PORT are binding to any ip address, so are publicly open unless a firewall blocks them. When using a reverse proxy, this is not necessary. This can be changed by updating the web container's ports configuration: +```yaml + - '127.0.0.1:${HTTP_PORT}:80' + - '127.0.0.1:${HTTPS_PORT}:443' +``` +insteaf of +```yaml + - '${HTTP_PORT}:80' + - '${HTTPS_PORT}:443' +``` + ### Disabling WebSocket connections