From b838d0e4c17ffbede64f6ad12bb33e48660a7e35 Mon Sep 17 00:00:00 2001 From: Jochen Klar Date: Fri, 12 Apr 2024 15:43:13 +0200 Subject: [PATCH] Fix reverse proxy setup description --- docs/advanced/index.md | 2 +- docs/configuration/general.md | 2 ++ docs/deployment/gunicorn.md | 14 +++++++++++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/advanced/index.md b/docs/advanced/index.md index f19359f..11a4801 100644 --- a/docs/advanced/index.md +++ b/docs/advanced/index.md @@ -29,7 +29,7 @@ proxy_set_header X-Forwarded-Host $http_host; All remaining proxies should not change these information, i.e. don't add such configuration. -**Additionally**, RDMO has to be adjusted according to the description for [reverse proxies](../configuration/general#optional-reverse-proxy). +**Additionally**, RDMO has to be adjusted according to the description for [reverse proxies](../configuration/general.html#optional-reverse-proxy). ## Install RDMO without internet connection diff --git a/docs/configuration/general.md b/docs/configuration/general.md index d425b13..9770979 100644 --- a/docs/configuration/general.md +++ b/docs/configuration/general.md @@ -56,6 +56,7 @@ This needs to be configured **before** any data is imported or content is config Note that in order to use RDMO with any language, a `.po` file needs to be created (see also: [django docs on translations](https://docs.djangoproject.com/en/stable/topics/i18n/translation/)). These files contain the translations of all strings in the user interface and can be found in the [RDMO source code](https://github.com/search?q=repo%3Ardmorganiser%2Frdmo+rdmo%2Flocale%2F+django.po&type=code). RDMO ships with translations for English, German, French and Spanish. Please [contact the project](https://github.com/rdmorganiser/rdmo/issues) if you intend to use RDMO with another language, contact information can also be found on the [RDMO community website](https://rdmorganiser.github.io/). Although we will not be able to perform the translation ourselves, we are happy to support you and add the language file to the RDMO source code after review. The `.po` files define the translation of strings in the user web interface via `gettext`. The translation of any of the content items in RDMO (e.g. catalogs, option sets) is independent from these files and is defined separately through the management web interface. ## Optional: Base URL + An **optional** setting, when you want to run RDMO under an alias like `http://example.com/rdmo`, is the `BASE_URL`. When you use an alias you need to set the base URL, otherwise this setting can be ignored. ```python @@ -64,6 +65,7 @@ BASE_URL = '/rdmo' When using this setting, also take into account the configuration under [deployment](../deployment/index). ## Optional: reverse proxy + If you run RDMO behind a reverse Proxy, which terminates the TLS/SSL traffic, you need to add the following: ``` diff --git a/docs/deployment/gunicorn.md b/docs/deployment/gunicorn.md index 93473eb..e9f757c 100644 --- a/docs/deployment/gunicorn.md +++ b/docs/deployment/gunicorn.md @@ -8,6 +8,15 @@ First install gunicorn inside your virtual environment: pip install rdmo[gunicorn] ``` +As explained [here](../configuration/general.html#optional-reverse-proxy), you need to add the following: + +``` +USE_X_FORWARDED_HOST = True +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') +``` + +to your `config/settings/local.py` in order for RDMO to pick up the `X-Forwarded-Host` and `X-Forwarded-Proto` HTTP headers from the proxy. + Then, test `gunicorn` using: ```bash gunicorn --bind 0.0.0.0:8000 config.wsgi:application @@ -95,7 +104,7 @@ server { location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; proxy_pass http://unix:/run/gunicorn/rdmo/rdmo.sock; } @@ -112,8 +121,7 @@ systemctl start nginx systemctl enable nginx ``` - - RDMO should now be available on `YOURDOMAIN`. Note that the unix socket `/srv/rdmo/rdmo.sock` needs to be accessible by Nginx. +RDMO should now be available on `YOURDOMAIN`. Note that the unix socket `/srv/rdmo/rdmo.sock` needs to be accessible by Nginx. ## Apache2 as reverse proxy