# Reverse Proxy

## Nginx

Basically, you just need to set the domain, TLS certificates,
Host and X-Forwarded headers (so txtdot could know the hostname)
and pass all requests to txtdot.

```
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Replace the domain
    server_name txt.dc09.ru;

    ssl_certificate ...pem;
    ssl_certificate_key ...key;
    # More options here:
    # https://ssl-config.mozilla.org/#server=nginx&config=modern

    location / {
        # Replace 8080 port if needed
        proxy_pass http://127.0.0.1:8080;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

On the official instance, TLS is configured in the main nginx config,
so we omit these options below.

Nginx serves static files faster than NodeJS, let's configure it:

```
server {
    ...

    location /static/ {
        alias /home/txtdot/src/dist/static/;
    }
}
```

What about rate-limiting? We don't want the hackers to overload our proxy.

The config below rate-limits to 2 requests per second,
allows to put up to 4 requests into the queue,
sets the maximum size for zone to 10 megabytes.
See the [Nginx blog post](https://www.nginx.com/blog/rate-limiting-nginx/) for detailed explanation.

```
limit_req_zone $binary_remote_addr zone=txtdotapi:10m rate=2r/s;

server {
    ...
    location / {
        limit_req zone=txtdotapi burst=4;
        ...
    }
    ...
}
```

Let's put all together.
Here's our [sample config](https://github.com/TxtDot/txtdot/blob/main/config/nginx.conf):

```
limit_req_zone $binary_remote_addr zone=txtdotapi:10m rate=2r/s;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name txt.dc09.ru;

    location / {
        limit_req zone=txtdotapi burst=4;
        proxy_pass http://127.0.0.1:8080;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /static/ {
        alias /home/txtdot/src/dist/static/;
    }
}
```

## Apache

Coming soon.
If you are familiar with Apache httpd and want to help,
write a config here (a small explanation as above also would be great)
and open a [pull request](https://github.com/txtdot/documentation/pulls).