Add example reverse proxy configs #40
Add example reverse proxy configs #40
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I checked only nginx section, it looks okay (similar to what I have in my setup).
Adding |
I tested http2 with all 3. Apache and Nginx work fine, but when it's enabled in Haproxy the android app can't connect. Probably a configuration error on my part, but I can't figure it out at the moment |
Looks good, but might be worthwhile adding a bit about LetsEncrypt/Certbot as well, since a number of people have asked about it. I have an example for NGiNX here: https://gist.github.com/joshuaboniface/e843ed141bb69272f2e39a30961d26c7 HAProxy can also do something similar:
P.S. Thank you, I never did get around to doing this and appreciate it! |
@mcarlton00 Can you let me know how you enabled http2 in haproxy? I can test it out a bit too. |
http2 on haproxy:
to
which has worked on other projects I've done. Thinking about it, I can add SNI into the haproxy config so it's more similar to the apache and nginx ones.
If we include LetsEncrypt, that could be How detailed do we want to get with the LetsEncrypt stuff? There's just so much variation between certbot or other clients, auth methods, ports, etc. |
Thanks @mcarlton00 I'll test that out today. SNI is a good thing too, simpler configs! For LE, yea that was just a dumb copy-paste from my live config where I send the requests to I think just a basic "here's how you pass it through, for more advice see Certbot/LetsEncrypt docs" would be sufficient - I'm more interested in having just the basics with Certbot in there as an "easy-to-use" quickstart, and let more advanced users branch out from there. |
Actually just did a quick test with |
I think a simple webroot auth is good for most people, but does that work with haproxy? Since it's not a "proper" webserver, I'm not sure if it'll serve those files properly. Would we have to specify certbot on a different port for LetsEncrypt to work? Just did a quick test, http2 seems to be only functional on haproxy 1.8 and newer. So we can include it, but should definitely make a note. |
I don't think so, I always just run Certbot in HTTP challenge mode on that target port. You would - the port you specify in Certbot must be the proxy target port from HAProxy/NGiNX.
Oh yes it's 1.8+ only - I think 1.8 is in a lot of distros or will be soon, so it's worth mentioning explicitly. |
@joshuaboniface if you verified this stuff works for HAproxy, can you also approve? I can only verify |
As far as just the base proxy stuff is concerned, this should be good to go now. I probably won't have time to get back to this until the weekend. Do we want to merge so we can get the info out there and I'll do another PR adding LetsEncrypt stuff once I get some free time again? |
Going for the minimal required to get each service up and running. Each service was tested by authenticating and playing videos through the web UI and android app.