mirror of
https://github.com/nextcloud/all-in-one.git
synced 2025-03-04 01:38:41 +08:00
improve the traefik reverse proxy documentation
Signed-off-by: szaimen <szaimen@e.mail.de>
This commit is contained in:
parent
ed646c5cde
commit
177477d3cb
1 changed files with 42 additions and 17 deletions
|
@ -80,25 +80,50 @@ Unfortunately it is not possible to configure nginx-proxy in a way that works be
|
|||
|
||||
**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
|
||||
|
||||
Add a `nc.toml` to the Treafik rules folder with the following content:
|
||||
1. Add a `nextcloud.toml` to the Treafik rules folder with the following content:
|
||||
|
||||
```toml
|
||||
[http.routers]
|
||||
[http.routers.nc-rtr]
|
||||
entryPoints = ["https"]
|
||||
rule = "Host(<your-nc-domain>)"
|
||||
service = "nc-svc"
|
||||
middlewares = ["chain-no-auth"]
|
||||
[http.routers.nc-rtr.tls]
|
||||
certresolver = "le"
|
||||
```toml
|
||||
[http.routers]
|
||||
[http.routers.nc-rtr]
|
||||
entryPoints = ["https"]
|
||||
rule = "Host(<your-nc-domain>)"
|
||||
service = "nc-svc"
|
||||
middlewares = ["chain-no-auth"]
|
||||
[http.routers.nc-rtr.tls]
|
||||
certresolver = "le"
|
||||
|
||||
[http.services]
|
||||
[http.services.nc-svc]
|
||||
[http.services.nc-svc.loadBalancer]
|
||||
passHostHeader = true
|
||||
[[http.services.nc-svc.loadBalancer.servers]]
|
||||
url = "http://<private.ip.address.of.the.host>:11000"
|
||||
```
|
||||
[http.services]
|
||||
[http.services.nc-svc]
|
||||
[http.services.nc-svc.loadBalancer]
|
||||
passHostHeader = true
|
||||
[[http.services.nc-svc.loadBalancer.servers]]
|
||||
url = "http://<private.ip.address.of.the.host>:11000"
|
||||
```
|
||||
|
||||
2. Add to the bottom of the `middlewares.toml` file in the Treafik rules folder the following content:
|
||||
|
||||
```toml
|
||||
[http.middlewares.nc-middlewares-secure-headers]
|
||||
[http.middlewares.nc-middlewares-secure-headers.headers]
|
||||
hostsProxyHeaders = ["X-Forwarded-Host"]
|
||||
sslRedirect = true
|
||||
stsSeconds = 63072000
|
||||
stsIncludeSubdomains = true
|
||||
stsPreload = true
|
||||
forceSTSHeader = true
|
||||
referrerPolicy = "same-origin"
|
||||
X-Robots-Tag = "none"
|
||||
```
|
||||
|
||||
3. Add to the bottom of the `middleware-chains.toml` file in the Traefik rules folder the following content:
|
||||
|
||||
```toml
|
||||
[http.middlewares.chain-nc]
|
||||
[http.middlewares.chain-nc.chain]
|
||||
middlewares = [ "middlewares-rate-limit", "nc-middlewares-secure-headers"]
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You will also need to modify `<private.ip.address.of.the.host>` to the private ip-address of the host that is running the docker daemon. **Advice:** the `nextcloud-aio-mastercontainer` is **NOT** running the docker daemon. The host itself is running the docker daemon.
|
||||
|
||||
|
|
Loading…
Reference in a new issue