mirror of
https://github.com/TxtDot/documentation.git
synced 2024-11-25 14:26:22 +03:00
Reverse proxy docs
This commit is contained in:
parent
9e7d87d7af
commit
9cde62e839
1 changed files with 102 additions and 0 deletions
102
docs/reverse.md
Normal file
@ -0,0 +1,102 @@
# Reverse Proxy
## Nginx
Basically, you just need to set the domain, TLS certificates,
Host and X-Forwarded headers (so txtdot could know the hostname)
and pass all requests to txtdot.
```
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Replace the domain
server_name txt.dc09.ru;
ssl_certificate ...pem;
ssl_certificate_key ...key;
# More options here:
# https://ssl-config.mozilla.org/#server=nginx&config=modern
location / {
# Replace 8080 port if needed
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
On the official instance, TLS is configured in the main nginx config,
so we omit these options below.
Nginx serves static files faster than NodeJS, let's configure it:
```
server {
...
location /static/ {
alias /home/txtdot/src/dist/static/;
}
}
```
What about rate-limiting? We don't want the hackers to overload our proxy.
The config below rate-limits to 2 requests per second,
allows to put up to 4 requests into the queue,
sets the maximum size for zone to 10 megabytes.
See the [Nginx blog post](https://www.nginx.com/blog/rate-limiting-nginx/) for detailed explanation.
```
limit_req_zone $binary_remote_addr zone=txtdotapi:10m rate=2r/s;
server {
...
location / {
limit_req zone=txtdotapi burst=4;
...
}
...
}
```
Let's put all together.
Here's our [sample config](https://github.com/TxtDot/txtdot/blob/main/config/nginx.conf):
```
limit_req_zone $binary_remote_addr zone=txtdotapi:10m rate=2r/s;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name txt.dc09.ru;
location / {
limit_req zone=txtdotapi burst=4;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /static/ {
alias /home/txtdot/src/dist/static/;
}
}
```
## Apache
Coming soon.
If you are familiar with Apache httpd and want to help,
write a config here (a small explanation as above also would be great)
and open a [pull request](https://github.com/txtdot/documentation/pulls).
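
Review bot: In both `location /` blocks, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever X-Forwarded-For value the client already sent, so a backend that reads the first entry of that header sees a client-chosen address. If this nginx is the outermost proxy, consider `proxy_set_header X-Forwarded-For $remote_addr;` instead, or say in the text that txtdot should rely on the X-Real-IP value set on the line above. The rate-limiting paragraph could also mention that requests beyond `burst=4` are rejected with 503 by default and that `limit_req_status 429;` changes that. The final sample block drops the "Replace the domain" and "Replace 8080 port if needed" comments that the first block carries next to `server_name txt.dc09.ru;` and `proxy_pass http://127.0.0.1:8080;`, so a reader copying only the last block gets no hint to change them.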