remove X-Forward-for header from nginx default.conf to be able to run Snapdrop with docker correctly. Add how-to and configuration examples for nginx and apache to documentation.
This commit is contained in:
		
							parent
							
								
									f769a76605
								
							
						
					
					
						commit
						28336eebf0
					
				|  | @ -12,7 +12,7 @@ | |||
| 
 | ||||
| Have any questions? Read our [FAQ](/docs/faq.md). | ||||
| 
 | ||||
| You can [host your own instance with Docker](/docs/local-dev.md). | ||||
| You can [host your own instance with Docker](/docs/host-your-own.md). | ||||
| 
 | ||||
| 
 | ||||
| ## Support the Snapdrop Community | ||||
|  |  | |||
|  | @ -19,7 +19,7 @@ services: | |||
|       - ./docker/openssl:/mnt/openssl | ||||
|     ports: | ||||
|       - "8080:80" | ||||
|       - "443:443" | ||||
|       - "8443:443" | ||||
|     env_file: ./docker/fqdn.env | ||||
|     entrypoint: /mnt/openssl/create.sh | ||||
|     command: ["nginx", "-g", "daemon off;"] | ||||
|     command: ["nginx", "-g", "daemon off;"] | ||||
|  |  | |||
|  | @ -1,9 +1,5 @@ | |||
| server { | ||||
|     listen       80; | ||||
|     #server_name  your.domain; | ||||
| 
 | ||||
|     #charset koi8-r; | ||||
|     #access_log  /var/log/nginx/host.access.log  main; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|  | @ -17,21 +13,11 @@ server { | |||
|         proxy_pass http://node:3000; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|         proxy_set_header X-Forwarded-for $remote_addr; | ||||
|     } | ||||
| 
 | ||||
|     location /ca.crt { | ||||
|         alias /etc/ssl/certs/snapdropCA.crt; | ||||
|     } | ||||
| 
 | ||||
|     #error_page  404              /404.html; | ||||
| 
 | ||||
|     # redirect server error pages to the static page /50x.html | ||||
|     # | ||||
|     error_page   500 502 503 504  /50x.html; | ||||
|     location = /50x.html { | ||||
|         root   /usr/share/nginx/html; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| server { | ||||
|  | @ -39,11 +25,6 @@ server { | |||
|     ssl_certificate /etc/ssl/certs/snapdrop-dev.crt; | ||||
|     ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key; | ||||
| 
 | ||||
|     #server_name  ; | ||||
| 
 | ||||
|     #charset koi8-r; | ||||
|     #access_log  /var/log/nginx/host.access.log  main; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|     location / { | ||||
|  | @ -56,20 +37,10 @@ server { | |||
|         proxy_pass http://node:3000; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|         proxy_set_header X-Forwarded-for $remote_addr; | ||||
|     } | ||||
| 
 | ||||
|     location /ca.crt { | ||||
|         alias /etc/ssl/certs/snapdropCA.crt; | ||||
|     } | ||||
| 
 | ||||
|     #error_page  404              /404.html; | ||||
| 
 | ||||
|     # redirect server error pages to the static page /50x.html | ||||
|     # | ||||
|     error_page   500 502 503 504  /50x.html; | ||||
|     location = /50x.html { | ||||
|         root   /usr/share/nginx/html; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
|  |  | |||
|  | @ -0,0 +1,226 @@ | |||
| # Local Development | ||||
| ## Install | ||||
| 
 | ||||
| First, [Install docker with docker-compose.](https://docs.docker.com/compose/install/) | ||||
| 
 | ||||
| Then, clone the repository and run docker-compose: | ||||
| ```shell | ||||
|     git clone https://github.com/RobinLinus/snapdrop.git | ||||
| ``` | ||||
| ```shell | ||||
|     cd snapdrop | ||||
| ``` | ||||
| ```shell | ||||
|     docker-compose up -d | ||||
| ``` | ||||
| Now point your browser to `http://localhost:8080`. | ||||
| 
 | ||||
| - To restart the containers run `docker-compose restart`. | ||||
| - To stop the containers run `docker-compose stop`. | ||||
| - To debug the NodeJS server run `docker logs snapdrop_node_1`. | ||||
| 
 | ||||
| 
 | ||||
| ## Run locally by pulling image from Docker Hub | ||||
| 
 | ||||
| Have docker installed, then use the command: | ||||
| ```shell | ||||
|     docker pull linuxserver/snapdrop | ||||
| ``` | ||||
| 
 | ||||
| To run the image, type (if port 8080 is occupied by host use another random port <random port>:80): | ||||
| ```shell | ||||
|     docker run -d -p 8080:80 linuxserver/snapdrop | ||||
| ``` | ||||
| 
 | ||||
| <br> | ||||
| 
 | ||||
| ## Testing PWA related features | ||||
| PWAs require that the app is served under a correctly set up and trusted TLS endpoint. | ||||
| 
 | ||||
| The nginx container creates a CA certificate and a website certificate for you. To correctly set the common name of the certificate, you need to change the FQDN environment variable in `docker/fqdn.env` to the fully qualified domain name of your workstation. | ||||
| 
 | ||||
| If you want to test PWA features, you need to trust the CA of the certificate for your local deployment. For your convenience, you can download the crt file from `http://<Your FQDN>:8080/ca.crt`. Install that certificate to the trust store of your operating system. | ||||
| - On Windows, make sure to install it to the `Trusted Root Certification Authorities` store. | ||||
| - On MacOS, double click the installed CA certificate in `Keychain Access`, expand `Trust`, and select `Always Trust` for SSL. | ||||
| - Firefox uses its own trust store. To install the CA, point Firefox at `http://<Your FQDN>:8080/ca.crt`. When prompted, select `Trust this CA to identify websites` and click OK. | ||||
| - When using Chrome, you need to restart Chrome so it reloads the trust store (`chrome://restart`). Additionally, after installing a new cert, you need to clear the Storage (DevTools -> Application -> Clear storage -> Clear site data). | ||||
| 
 | ||||
| Please note that the certificates (CA and webserver cert) expire after a day. | ||||
| Also, whenever you restart the nginx docker, container new certificates are created. | ||||
| 
 | ||||
| The site is served on `https://<Your FQDN>:8443`. | ||||
| 
 | ||||
| 
 | ||||
| # Deployment Notes | ||||
| The client expects the server at http(s)://your.domain/server. | ||||
| 
 | ||||
| When serving the node server behind a proxy, the `X-Forwarded-For` header has to be set by the proxy. Otherwise, all clients that are served by the proxy will be mutually visible. | ||||
| 
 | ||||
| ## Deployment with node | ||||
| By default, the node server listens on port 3000. | ||||
| 
 | ||||
| Use nginx or apache to set the header correctly: | ||||
| 
 | ||||
| ### Using nginx | ||||
| ``` | ||||
| server { | ||||
|     listen       80; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|     location / { | ||||
|         root   /var/www/snapdrop/client; | ||||
|         index  index.html index.htm; | ||||
|     } | ||||
| 
 | ||||
|     location /server { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://node:3000; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|         proxy_set_header X-Forwarded-for $remote_addr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| server { | ||||
|     listen       443 ssl http2; | ||||
|     ssl_certificate /etc/ssl/certs/snapdrop-dev.crt; | ||||
|     ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|     location / { | ||||
|         root   /var/www/snapdrop/client; | ||||
|         index  index.html; | ||||
|     } | ||||
| 
 | ||||
|     location /server { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://node:3000; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|         proxy_set_header X-Forwarded-for $remote_addr; | ||||
|     } | ||||
| } | ||||
| ``` | ||||
| 
 | ||||
| ### Using Apache | ||||
| ``` | ||||
| <VirtualHost *:80>	 | ||||
| 	DocumentRoot "/var/www/snapdrop/client" | ||||
| 	DirectoryIndex index.html	 | ||||
| 
 | ||||
| 	RewriteEngine on | ||||
| 	RewriteCond %{HTTP:Upgrade} websocket [NC] | ||||
| 	RewriteCond %{HTTP:Connection} upgrade [NC] | ||||
| 	RewriteRule ^/?(.*) "ws://127.0.0.1:3000/$1" [P,L] | ||||
| </VirtualHost> | ||||
| <VirtualHost *:443>	 | ||||
| 	DocumentRoot "/var/www/snapdrop/client" | ||||
| 	DirectoryIndex index.html | ||||
| 	 | ||||
| 	RewriteEngine on | ||||
| 	RewriteCond %{HTTP:Upgrade} websocket [NC] | ||||
| 	RewriteCond %{HTTP:Connection} upgrade [NC] | ||||
| 	RewriteRule ^/?(.*) "wws://127.0.0.1:3000/$1" [P,L] | ||||
| </VirtualHost> | ||||
| ``` | ||||
| 
 | ||||
| ## Deployment with Docker | ||||
| The easiest way to get snapdrop up and running is by using Docker. | ||||
| 
 | ||||
| By default, docker listens on ports 8080 (http) and 8443 (https) (specified in `docker-compose.yml`). | ||||
| 
 | ||||
| When running Snapdrop via Docker, the `X-Forwarded-For` header has to be set by a proxy. Otherwise, all clients will be mutually visible. | ||||
| 
 | ||||
| ### Installation | ||||
| [See Local Development > Install](#install) | ||||
| 
 | ||||
| Use nginx or apache to set the header correctly: | ||||
| 
 | ||||
| ### Using nginx | ||||
| (This differs from the config under `/docker/nginx/default.conf) | ||||
| ``` | ||||
| server { | ||||
|     listen       80; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|     location / { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://127.0.0.1:8080; | ||||
|     } | ||||
| 
 | ||||
|     location /server { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://127.0.0.1:8080; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|         proxy_set_header X-Forwarded-for $remote_addr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| server { | ||||
|     listen       443 ssl http2; | ||||
|     ssl_certificate /etc/ssl/certs/snapdrop-dev.crt; | ||||
|     ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|     location / { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://127.0.0.1:443; | ||||
|     } | ||||
| 
 | ||||
|     location /server { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://127.0.0.1:443; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|         proxy_set_header X-Forwarded-for $remote_addr; | ||||
|     } | ||||
| } | ||||
| ``` | ||||
| 
 | ||||
| ### Using Apache | ||||
| install modules `proxy`, `proxy_http`, `mod_proxy_wstunnel` | ||||
| ```shell | ||||
| a2enmod proxy | ||||
| ``` | ||||
| ```shell | ||||
| a2enmod proxy_http | ||||
| ``` | ||||
| ```shell | ||||
| a2enmod proxy_wstunnel | ||||
| ``` | ||||
| 
 | ||||
| <br> | ||||
| 
 | ||||
| Create a new configuration file under `/etc/apache2/sites-available` (on debian) | ||||
| 
 | ||||
| **snapdrop.conf** | ||||
| ``` | ||||
| <VirtualHost *:80>	 | ||||
| 	ProxyPass / http://127.0.0.1:8080/ | ||||
| 	RewriteEngine on | ||||
| 	RewriteCond %{HTTP:Upgrade} websocket [NC] | ||||
| 	RewriteCond %{HTTP:Connection} upgrade [NC] | ||||
| 	RewriteRule ^/?(.*) "ws://127.0.0.1:8080/$1" [P,L] | ||||
| </VirtualHost> | ||||
| <VirtualHost *:443>	 | ||||
| 	ProxyPass / https://127.0.0.1:8443/ | ||||
| 	RewriteEngine on | ||||
| 	RewriteCond %{HTTP:Upgrade} websocket [NC] | ||||
| 	RewriteCond %{HTTP:Connection} upgrade [NC] | ||||
| 	RewriteRule ^/?(.*) "wws://127.0.0.1:8443/$1" [P,L] | ||||
| </VirtualHost> | ||||
| ``` | ||||
| Activate the new virtual host and reload apache: | ||||
| ```shell | ||||
| a2ensite snapdrop | ||||
| ``` | ||||
| ```shell | ||||
| service apache2 reload | ||||
| ``` | ||||
| 
 | ||||
| [< Back](/README.md) | ||||
|  | @ -1,61 +0,0 @@ | |||
| # Local Development | ||||
| ## Install | ||||
| 
 | ||||
| First, [Install docker with docker-compose.](https://docs.docker.com/compose/install/) | ||||
| 
 | ||||
| Then, clone the repository: | ||||
| ``` | ||||
|     git clone https://github.com/RobinLinus/snapdrop.git | ||||
|     cd snapdrop | ||||
|     docker-compose up -d | ||||
| ``` | ||||
| Now point your browser to `http://localhost:8080`. | ||||
| 
 | ||||
| - To restart the containers run `docker-compose restart`. | ||||
| - To stop the containers run `docker-compose stop`. | ||||
| - To debug the NodeJS server run `docker logs snapdrop_node_1`. | ||||
| 
 | ||||
| 
 | ||||
| ## Run locally by pulling image from Docker Hub | ||||
| 
 | ||||
| Have docker installed, then use the command: | ||||
| ``` | ||||
|     docker pull linuxserver/snapdrop | ||||
| ``` | ||||
| 
 | ||||
| To run the image, type (if port 8080 is occupied by host use another random port <random port>:80): | ||||
| ``` | ||||
|     docker run -d -p 8080:80 linuxserver/snapdrop | ||||
| ``` | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## Testing PWA related features | ||||
| PWAs require that the app is served under a correctly set up and trusted TLS endpoint. | ||||
| 
 | ||||
| The nginx container creates a CA certificate and a website certificate for you. To correctly set the common name of the certificate, you need to change the FQDN environment variable in `docker/fqdn.env` to the fully qualified domain name of your workstation. | ||||
| 
 | ||||
| If you want to test PWA features, you need to trust the CA of the certificate for your local deployment. For your convenience, you can download the crt file from `http://<Your FQDN>:8080/ca.crt`. Install that certificate to the trust store of your operating system. | ||||
| - On Windows, make sure to install it to the `Trusted Root Certification Authorities` store. | ||||
| - On MacOS, double click the installed CA certificate in `Keychain Access`, expand `Trust`, and select `Always Trust` for SSL. | ||||
| - Firefox uses its own trust store. To install the CA, point Firefox at `http://<Your FQDN>:8080/ca.crt`. When prompted, select `Trust this CA to identify websites` and click OK. | ||||
| - When using Chrome, you need to restart Chrome so it reloads the trust store (`chrome://restart`). Additionally, after installing a new cert, you need to clear the Storage (DevTools -> Application -> Clear storage -> Clear site data). | ||||
| 
 | ||||
| Please note that the certificates (CA and webserver cert) expire after a day. | ||||
| Also, whenever you restart the nginx docker, container new certificates are created. | ||||
| 
 | ||||
| The site is served on `https://<Your FQDN>:443`. | ||||
|      | ||||
| ## Deployment Notes | ||||
| The client expects the server at http(s)://your.domain/server. | ||||
| 
 | ||||
| When serving the node server behind a proxy, the `X-Forwarded-For` header has to be set by the proxy. Otherwise, all clients that are served by the proxy will be mutually visible. | ||||
| 
 | ||||
| By default, the server listens on port 3000. | ||||
| 
 | ||||
| For an nginx configuration example, see `docker/nginx/default.conf`. | ||||
| 
 | ||||
| [< Back](/README.md) | ||||
		Loading…
	
		Reference in New Issue
	
	 schlagmichdoch
						schlagmichdoch