Document reverse proxy config for Apache

As we found out in #616, Apache does not set the `X-Forwarded-Proto` header, which is now required because we switched to secure cookies in 383d791a50919bb9890a3f3f797ecc95125ab8bf. Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-13 19:07:26 +01:00 · 2020-12-13 19:07:26 +01:00 · 2f5ca84605
commit 2f5ca84605
parent 70ff301e15
1 changed files with 26 additions and 0 deletions
--- a/docs/setup/reverse-proxy.md
+++ b/docs/setup/reverse-proxy.md
@ -67,3 +67,29 @@ server {
    ssl_dhparam ssl-dhparams.pem;
 }
 ```
+### Apache
+You will need these modules enabled: `proxy`, `proxy_http` and `proxy_wstunnel`.  
+Here is an example config snippet:
+```
+<VirtualHost *:443>
+  ServerName hedgedoc.example.com
+
+  RewriteEngine on
+  RewriteCond %{REQUEST_URI} ^/socket.io             [NC]
+  RewriteCond %{HTTP:Upgrade} =websocket [NC]
+  RewriteRule /(.*)  ws://127.0.0.1:3000/$1          [P,L]
+
+  ProxyPass / http://127.0.0.1:3000/
+  ProxyPassReverse / http://127.0.0.1:3000/
+
+  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+        
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+  SSLCertificateFile /etc/letsencrypt/live/hedgedoc.example.com/fullchain.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/hedgedoc.example.com/privkey.pem
+  Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+```
+