From 7c4789b52fc6f7a4f329a6cc6454aa2fb3d7c637 Mon Sep 17 00:00:00 2001 From: Benoit Sautel Date: Fri, 25 Oct 2024 09:50:36 +0200 Subject: [PATCH] Fix the Apache configuration in the Docker Compose page Fix multiple things: - Declaring ws proxies in a section does not work (it sounds like it works only for http). - Proxying /http-bind to the web container is not sufficient, the frontend for instance is not served. All the paths need to be proxied to the web container. - Generally https on localhost does not work, so we use http and ws (instead of wss) to access the web container. --- docs/devops-guide/docker.md | 44 +++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/docs/devops-guide/docker.md b/docs/devops-guide/docker.md index 959a3c53a..7de848b05 100644 --- a/docs/devops-guide/docker.md +++ b/docs/devops-guide/docker.md @@ -854,6 +854,8 @@ Due to the hop-by-hop nature of WebSockets the reverse proxy must properly termi * /xmpp-websocket * /colibri-ws +### nginx + With nginx, these routes can be forwarded using the following config snippet: ```nginx 
@@ -881,27 +883,47 @@ location /http-bind { proxy_set_header Connection "upgrade"; } ``` +where `https://localhost:8443/` is the url of the web service's ingress. + +### Apache + +With Apache, `mod_proxy` and `mod_proxy_wstunnel` need to be enabled. -With apache, `mod_proxy` and `mod_proxy_wstunnel` need to be enabled and these routes can be forwarded using the following config snippet: +Then, HTTPS must be disabled in the Docker Compose configuration (since HTTPS will probably not work on localhost): + +```bash +DISABLE_HTTPS=1 +ENABLE_HTTP_REDIRECT=0 +ENABLE_LETS_ENCRYPT=0 +``` + +Finally, the reverse proxy must be configured using the following config snippet: ```apache ProxyTimeout 900 - - ProxyPass "wss://localhost:8443/xmpp-websocket" - - - ProxyPass "wss://localhost:8443/colibri-ws/" - - - ProxyPass "http://localhost:8443/http-bind" - + ProxyPass /xmpp-websocket ws://localhost:8000/xmpp-websocket + ProxyPass /colibri-ws/ ws://localhost:8000/colibri-ws/ + ProxyPass / http://localhost:8000/ + ProxyPassReverse / http://localhost:8000/ ``` -where `https://localhost:8443/` is the url of the web service's ingress. +where `http://localhost:8000/` is the url of the web service's ingress. + +Note that HTTP_PORT and HTTPS_PORT are binding to any ip address, so are publicly open unless a firewall blocks them. When using a reverse proxy, this is not necessary. This can be changed by updating the web container's ports configuration: +```yaml + - '127.0.0.1:${HTTP_PORT}:80' + - '127.0.0.1:${HTTPS_PORT}:443' +``` +insteaf of +```yaml + - '${HTTP_PORT}:80' + - '${HTTPS_PORT}:443' +``` + ### Disabling WebSocket connections
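Review bot: in the new Apache section, the loopback port binding is only offered as an optional closing note, yet the same hunk sets `DISABLE_HTTPS=1` and proxies to `http://localhost:8000/`. By the note's own statement the web container's ports are bound to any IP address, so the plaintext HTTP port stays reachable without going through the proxy unless a firewall blocks it. Suggest making the `'127.0.0.1:${HTTP_PORT}:80'` binding a required step of the Apache setup, placed right after the `DISABLE_HTTPS=1` block, and rewording "When using a reverse proxy, this is not necessary", where it is unclear what "this" refers to. Smaller points in the same hunk: "insteaf of" should be "instead of"; the Apache snippet hardcodes port 8000 while the closing note talks about `HTTP_PORT`, so the text should say that 8000 must match the configured `HTTP_PORT`; and "since HTTPS will probably not work on localhost" would be more useful if it stated the actual failure the reader would see.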