Phate334 commented Jul 2, 2024

The original setting will cause the front end to only generate http:// links, and requests for these resource files will be blocked by the browser.

Even if the environment variable has been set, it will be ignored by Laravel.

After this setting, Kuwa works well under https, but I am not good at PHP. Please re-evaluate whether this modification is appropriate.


ifTNT commented Jul 2, 2024

Hi @Phate334,

I doubt that Laravel will not respect environment variables in docker.
Could you try to solve the issue by changing APP_URL in docker/multi-chat/app.env and rebuilding the image?
Thanks.

@ifTNT added the "good first issue" (Good for newcomers) label Jul 2, 2024

Phate334 commented Jul 7, 2024

> Could you try to solve the issue by changing APP_URL in docker/multi-chat/app.env and rebuilding the image?

same problem on app.env

Do Kuwa or Laravel have any solutions to set up custom certificates for TLS? Laravel cannot generate HTTPS URLs when the reverse proxy forwards to Kuwa on port 80.
https://laravel.com/docs/10.x/requests#configuring-trusted-proxies

====
I use mkcert and the Caddy server for debugging.

  • Caddyfile
kuwa.localhost {
  tls /kuwa-cert/kuwa.localhost.pem /kuwa-cert/kuwa.localhost-key.pem

  reverse_proxy host.docker.internal:8080
}
  • compose.yaml
services:
  caddy:
    image: caddy:2.8.4-alpine
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./kuwa-cert:/kuwa-cert
      - ./Caddyfile:/etc/caddy/Caddyfile


ifTNT commented Jul 14, 2024

To configure custom TLS certificates in the Dockerized version of Kuwa, you can modify the Nginx configuration within the "web" container. Here's an example:

diff --git a/docker/web/templates/default.conf.template b/docker/web/templates/default.conf.template
index 56319a66..37076a67 100644
--- a/docker/web/templates/default.conf.template
+++ b/docker/web/templates/default.conf.template
@@ -2,6 +2,22 @@ server {
     listen 80;
     listen [::]:80;
     server_name ${DOMAIN_NAME};
+
+    # Redirect HTTP to HTTPS
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name ${DOMAIN_NAME};
+
+    # SSL Configuration
+    ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem; # Replace with your certificate path
+    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; # Replace with your private key path
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
     root /app/public;

     add_header X-Frame-Options "SAMEORIGIN";
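Review bot: in the port-80 block, `return 301 https://$host$request_uri;` builds the redirect target from `$host`, which follows the Host header of the incoming request, so a request that arrives with a different host name is redirected to that name. The block already sets `server_name ${DOMAIN_NAME};`, so `return 301 https://${DOMAIN_NAME}$request_uri;` would keep the redirect on the configured domain. In the 443 block, the certificate and key paths under `/etc/letsencrypt/live/${DOMAIN_NAME}/` must exist inside the web container, and nothing in this hunk mounts them; a comment naming the required volume next to the "Replace with your certificate path" remarks would save a failed container start.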

While this pull request's trusted proxy configuration is valuable for scenarios using cloud load balancers, we can enhance its adaptability. To ensure broader applicability, I plan to make the trusted proxy configurable via an environment variable after this pull request is merged.

Thank you for your contribution!

@ifTNT merged commit 014ed19 into kuwaai:dev Jul 14, 2024
@Phate334

> To ensure broader applicability, I plan to make the trusted proxy configurable via an environment variable after this pull request is merged.

That's great.
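
A simplified model of the trusted-proxy decision this thread turns on, added here as an illustration and not taken from Kuwa, Laravel or the pull request: the forwarded scheme is honoured only when the TCP peer is a trusted proxy. The function names, IP addresses, asset path and the handling of a `*` wildcard are assumptions of the model.

```python
import ipaddress

def peer_is_trusted(remote_addr, trusted_proxies):
    """True if the TCP peer is in the trusted list ('*' trusts any peer)."""
    if "*" in trusted_proxies:
        return True
    peer = ipaddress.ip_address(remote_addr)
    return any(peer in ipaddress.ip_network(cidr, strict=False)
               for cidr in trusted_proxies)

def effective_scheme(remote_addr, headers, trusted_proxies, direct_scheme="http"):
    """Scheme the app puts into generated URLs (model, not framework code)."""
    forwarded = headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower()
    if forwarded in ("http", "https") and peer_is_trusted(remote_addr, trusted_proxies):
        return forwarded
    # Header ignored: the app only sees the plain-HTTP hop from the proxy.
    return direct_scheme

def asset_url(scheme, host, path):
    return f"{scheme}://{host}{path}"

def is_mixed_content(page_scheme, url):
    """An https page that loads an http:// script or stylesheet gets it blocked."""
    return page_scheme == "https" and url.startswith("http://")

def scenarios():
    # Constructed sample data: both addresses and the asset path are made up.
    proxy_ip, outsider_ip = "172.18.0.2", "203.0.113.7"
    hdr = {"X-Forwarded-Proto": "https"}
    cases = [
        ("proxy, nothing trusted", proxy_ip, []),            # symptom in this thread
        ("proxy, subnet trusted", proxy_ip, ["172.18.0.0/16"]),
        ("direct client, subnet trusted", outsider_ip, ["172.18.0.0/16"]),
        ("direct client, '*' trusted", outsider_ip, ["*"]),  # forged header believed
    ]
    return {name: asset_url(effective_scheme(peer, hdr, trusted),
                            "kuwa.localhost", "/css/app.css")
            for name, peer, trusted in cases}

if __name__ == "__main__":
    for name, url in scenarios().items():
        print(f"{name:32} {url:38} blocked_on_https_page={is_mixed_content('https', url)}")
```

The last two rows show why the trusted list matters: with an explicit subnet, a client that reaches the app port directly cannot change the scheme by sending its own `X-Forwarded-Proto`, while a wildcard accepts the header from anyone.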
