fix(exapps): correct errors in 3-host HaRP deployment section

[Copilot]

Four errors introduced in the 3-host HaRP deployment section of DeployConfigurations.rst.

Changes:

• Mermaid diagram — DockerSocketProxy replaced with HaRP in the Host2 state; the original diagram was contradicted by the actual docker run command which mounts /var/run/docker.sock directly into HaRP, no socket proxy involved
• mkdir brace expansion artifact — mkdir -p /some/path/{certs,} → mkdir -p /some/path/certs; trailing comma silently created a duplicate path
• HP_TRUSTED_PROXY_IPS placeholder clarity — added inline comment flagging 192.168.0.0/24 as a value that must be replaced, not copied verbatim
• Unexplained docker-engine-port: 24000 — added a .. note:: before the test curl commands explaining that this header is HaRP's internal virtual port routing mechanism and 24000 is the default for a directly-mounted socket, requiring no extra firewall rules

☑️ Resolves

🖼️ Screenshots

N/A — no visual/layout changes.

✅ Checklist

• I have built the documentation locally and reviewed the output
• Screenshots are included for visual changes
• I have not moved or renamed pages (or added a redirect if I did)
• I have run codespell or similar and addressed any spelling issues

Original prompt

Problem

PR #13992 added a new section to admin_manual/exapps_management/DeployConfigurations.rst documenting a 3-host deployment (Nextcloud / Apache Reverse Proxy / Docker+HaRP). Several errors were introduced that need to be fixed.

---

File to change

admin_manual/exapps_management/DeployConfigurations.rst

The section to fix is: "Docker / Reverse Proxy / Nextcloud on 3 independent hosts - with HaRP container" (starting around line 182).

---

Fix 1 — Mermaid diagram contradicts actual setup

The diagram in the new section shows DockerSocketProxy inside Host2 managing containers. However, the actual docker run command mounts /var/run/docker.sock directly into the HaRP container — no DockerSocketProxy is involved. The diagram is misleading.

Change: Replace all occurrences of DockerSocketProxy in the Host2 state diagram with HaRP to accurately reflect the architecture.

Current diagram (Host2 state):

state Host2 {
    [*] --> DockerSocketProxy : by port
    Daemon --> Containers

    state Containers {
        [*] --> DockerSocketProxy : /var/run/docker.sock
        DockerSocketProxy --> ExApp1
        DockerSocketProxy --> ExApp2
        DockerSocketProxy --> ExApp3
    }
}

Should become:

state Host2 {
    [*] --> HaRP : by port
    Daemon --> Containers

    state Containers {
        [*] --> HaRP : /var/run/docker.sock
        HaRP --> ExApp1
        HaRP --> ExApp2
        HaRP --> ExApp3
    }
}

---

Fix 2 — Broken mkdir brace expansion

Current:

mkdir -p /some/path/{certs,}

The trailing comma in {certs,} expands to both certs and an empty string, creating /some/path/ (which already exists) alongside /some/path/certs. This is a copy-paste artifact.

Change: Simplify to:

mkdir -p /some/path/certs

---

Fix 3 — HP_TRUSTED_PROXY_IPS looks like a real value, not a placeholder

Current:

-e HP_TRUSTED_PROXY_IPS="192.168.0.0/24" \

This specific subnet looks like a real network address, not clearly a placeholder. Readers may copy it verbatim without adapting it to their network.

Change: Add an inline comment to clarify it must be customised:

-e HP_TRUSTED_PROXY_IPS="192.168.0.0/24" \  # Replace with your actual trusted proxy subnet (Host3's IP or subnet)

---

Fix 4 — docker-engine-port: 24000 is unexplained

The test curl commands include this header:

-H "docker-engine-port: 24000" \

But port 24000 is never mentioned or configured anywhere in the setup steps, leaving readers confused about where it comes from.

Change: Add a short note before the curl test commands explaining what this header is and where 24000 comes from. In this setup, HaRP mounts the Docker socket directly; docker-engine-port tells HaRP which internal virtual port to use for the locally-mounted Docker socket. The value 24000 is HaRP's default virtual port for a directly-mounted socket. Example note to add:

.. note::

    The ``docker-engine-port`` header tells HaRP which internal virtual port to route to the Docker engine.
    When HaRP has the Docker socket mounted directly (as in this setup), it uses ``24000`` as the default
    virtual port for that local socket. This value does not require any additional firewall or port configuration.

---

Summary of all changes

#	Location	Issue	Fix
1	Mermaid diagram (Host2 state)	DockerSocketProxy shown but HaRP mounts raw socket	Replace DockerSocketProxy with HaRP in diagram
2	Step 1.1 mkdir	{certs,} brace expansion artifact	Change to mkdir -p /some/path/certs
3	Step 1.3 docker run	HP_TRUSTED_PROXY_IPS looks like a real subnet	Add inline comment clarifying it must be replaced
4	Step 4 curl tests	docker-engine-port: 24000 unexplained	Add a .. note:: before the curl commands explaining the header

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Can you review @nextcloud/documentation/pull/13992 ?

Assistant: Here's my review of PR #13992:

---

📋 PR Summary

Title	Update DeployConfigurations.rst — Instruction for Apache reverse proxy and 3 hosts
Author	@manik0u
Status	✅ Merged (by @skjnldsv on 2026-04-29)
Files changed	1 (admin_manual/exapps_management/DeployConfigurations.rst)
Changes	+128 lines, 0 deletions
Commits	2
Linked issue	nextcloud/HaRP#85
Risk	🟢 Low — documentation-only change

---

🔍 Core Changes

This PR adds a new section to DeployConfigurations.rst documenting a 3-host deployment scenario for Nextcloud with HaRP (the AppAPI reverse proxy), specifically covering the case where:

• Host 1 runs Nextcloud
• Host 2 runs Do...

This pull request was created from Copilot chat.

[skjnldsv]

@manik0u, do you mind having a quick look at those tiny improvements I asked copilot to do ?

[manik0u]

@manik0u, do you mind having a quick look at those tiny improvements I asked copilot to do ?

@skjnldsv It's ok for me ! thanks for this needed updates ;)

[skjnldsv]

/backport to stable33 please

[skjnldsv]

/backport to stable32 please

[backportbot]

The backport to stable33 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable33
git pull origin stable33

# Create the new backport branch
git checkout -b backport/14676/stable33

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts, resolve them
git cherry-pick 54985095 3b4225ba

# Push the cherry pick commit to the remote repository and open a pull request
git push origin backport/14676/stable33

Error: Failed to check for changes with origin/stable33: No changes found in backport branch

---

Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

[backportbot]

The backport to stable32 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable32
git pull origin stable32

# Create the new backport branch
git checkout -b backport/14676/stable32

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts, resolve them
git cherry-pick 54985095 3b4225ba

# Push the cherry pick commit to the remote repository and open a pull request
git push origin backport/14676/stable32

Error: Failed to check for changes with origin/stable32: No changes found in backport branch

---

Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.