Reverse Proxy Support #162
Comments
|
Hi there, thanks a lot for reaching out ! You are perfectly right, there's no way to do this right now, because we tell Caddy to configure HTTPs when your
You will have to configure your reverse proxy to point
I am not sure whether Nginx can handle this process automatically, but Traefik and Caddy both can (not to confuse with Meli's embedded Caddy, I'm talking about using another Caddy as your main reverse proxy). If you use Caddy, be aware that by default (I don't even know if you can change this), if you match a wildcard host, it will try to obtain a wildcard SSL certificate, which requires specific configuration as Let'sEcnrypt performs a DNS challenge. I don't know how Traefik handles wildcard certificates either. We do not yet have documentation for doing this as we haven't tried it ourselves. If you get this deployment working, could you help us and document your installation in a PR on our docs ? That would be a great way to contribute and help us make this tool better. I will work on making the changes mentioned above as soon as I can so you can proceed. |
|
Hi! Nginx does not handle certificate management, it only acts as the proxy and/or webserver. Wildcard certificates can be manually provisioned in a similar fashion to how caddy does it, and it does require TXT records to be set. Traefik handles wildcards the same way as caddy: one will need api tokens for their dns provider. As for my setup now, I issued a cert for Let me know what documentation is needed and I will create a PR straight away! |
|
Good to know :) Once I've made the changes and you've successfully deployed, I'd love to add a section "Deployment" to the docs and have pages for common ways to deploy Meli. The installation docs has the most simple way, but placing Meli behind a reverse proxy will be, as you mentioned, common, so it'd be cool to document your setup, detailing how you configured nginx, path forwarding, and how you configured Meli. Sort of like a "how to deploy behind an nginx reverse proxy" guide. I'll update this thread once done with the changes 🙂 |
|
@ayush123460 i've made the changes, their already available on the |
# [1.0.0-beta.7](v1.0.0-beta.6...v1.0.0-beta.7) (2020-12-18) ### Bug Fixes * branch url not using branch slug ([254f3c6](254f3c6)) * creating branch from release doesn't create symlinks ([4768b63](4768b63)) * org member api not found ([bbf5cdc](bbf5cdc)) * redirect url missing slash ([e4e6739](e4e6739)) ### Features * add link to public community channel ([#166](#166)) ([b36db40](b36db40)) * disable auto https for reverse proxy ([#162](#162)) ([449faa8](449faa8))
|
This was released in v1.0.0-beta.7, we can reopen if further changes are needed. Thanks again for your help ! |
|
Hi! I'm not able to make this work - setting scheme as
My version: '3'
services:
meli:
image: getmeli/meli:beta
ports:
- 8006:80
environment:
MELI_URL: https://meli.ayushm.com
MELI_HTTPS_AUTO: 'false'
MELI_MONGO_URI: mongodb://mongo:27017/meli
MELI_JWT_SECRET: redacted
MELI_GITHUB_CLIENT_ID: redacted
MELI_GITHUB_CLIENT_SECRET: redacted
MELI_MAX_ORGS: 0
volumes:
- ./sites:/sites
- ./caddy/data:/data
- ./caddy/config:/config
depends_on:
- mongo
mongo:
image: mongo:4.2-bionic
volumes:
- ./data/mongo:/data/db
ports:
- 27017:27017 |
|
@ayush123460 argh, I thought this would work. Let me look into it. I won't close until we have fully resolved. |
|
I'm having similar issues using Treafik as the reverse proxy, so if you need further information from such an environment, let me know! |
|
@jojonas @ayush123460 you are first on my to do list. I'll have a look tomorrow. Last time I just made the changes discussed but this time I'll setup a Traefik instance, get a wildcard certificate and make sure things work before releasing. Hang in there ! |
|
@gempain Hey! I have been a little busy, or I would've submitted a PR till now. I think the previous commit would've worked if you changed the |
|
@ayush123460 the condition was useless basically, my fault. Even swapping the |
|
Can confirm, beta 9 works! TIL wildcards only work one level deep, so I had to issue another one but besides that it was all good! I'll make a PR for the docs by the end of the year, with my nginx config and I'll also include an example command to issue a wildcard certificate. Closing this, but please tag me if there's anything needed. Tl;dr beta 9 works, set |
|
@ayush123460 🎉 🚀 !!!! I'm glad this worked ! Sorry for the trouble fixing it, I could've made it in just one step, but got a bit off here. Yes, I should've mention it, but wildcard certificates don't work as we'd expect, meaning like in regexes. It's misleading. Thank you a thousand times for your help and support here, and thanks SO MUCH for offering to make a PR. This would be appreciated to no extent, I truly mean it, so please do, it would be really valuable to other users ! I'll open an issue and assign you with it if that's okay, so we keep track of this. |
Hello! This is a great app especially with SPA mode. I think most people would also like the ability to serve this through a reverse proxy instead of expose meli directly due to other web services also running in the same server (the case for self hosters, for example). So far I have tried the following:
If there is a way to do this with docker-compose already, please let me know. If that is not the case, you could add an env that configures this, however I'm not sure how to implement it myself.
The text was updated successfully, but these errors were encountered: