search

revoltchat / self-hosted

Deploy Revolt using Docker.
854 stars 108 forks source link

Need help deploying behing proxy #16

Closed pitininja closed 2 years ago

pitininja commented 2 years ago

Hello everyone,

Thanks for this project it's awesome and I hope it's gonna grow big.

I'm trying to deploy Revolt on my personal server. To do so I have deployed the Docker containers using the docker-compose on this project.

I'm trying to setup all of this behind a Nginx proxy (on my server domain, with HTTPS) but can't get it to work. For now I have a Nginx proxy that proxies https://revolt.mydomain.com/ to http://local.revolt.chat:5000 but when I go to the Revolt app page, I have network errors since the client is trying to reach the backend on http://local.revolt.chat:8000.

Here is my .env file:

# URL to where the Revolt app is publicly accessible
REVOLT_APP_URL=http://local.revolt.chat:5000

# URL to where the API is publicly accessible
REVOLT_PUBLIC_URL=http://local.revolt.chat:8000
VITE_API_URL=http://local.revolt.chat:8000

# URL to where the WebSocket server is publicly accessible
REVOLT_EXTERNAL_WS_URL=ws://local.revolt.chat:9000

# URL to where Autumn is publicly available
AUTUMN_PUBLIC_URL=http://local.revolt.chat:3000

# URL to where January is publicly available
JANUARY_PUBLIC_URL=http://local.revolt.chat:7000

# URL to where Vortex is publicly available
# VOSO_PUBLIC_URL=https://voso.revolt.chat

##
## hCaptcha Settings
##

# If you are sure that you don't want to use hCaptcha, set to 1.
REVOLT_UNSAFE_NO_CAPTCHA=0

# hCaptcha API key
REVOLT_HCAPTCHA_KEY=******

# hCaptcha site key
REVOLT_HCAPTCHA_SITEKEY=******

##
## Email Settings
##

# If you are sure that you don't want to use email verification, set to 1.
REVOLT_UNSAFE_NO_EMAIL=0

# SMTP host
# REVOLT_SMTP_HOST=smtp.example.com

# SMTP username
# REVOLT_SMTP_USERNAME=noreply@example.com

# SMTP password
# REVOLT_SMTP_PASSWORD=CHANGEME

# SMTP From header
# REVOLT_SMTP_FROM=Revolt <noreply@example.com>

##
## Application Settings
##

# Whether to only allow users to sign up if they have an invite code
REVOLT_INVITE_ONLY=1

# Maximum number of people that can be in a group chat
REVOLT_MAX_GROUP_SIZE=50

# VAPID keys for push notifications
# Generate using this guide: https://gitlab.insrt.uk/revolt/delta/-/wikis/vapid
# --> Please replace these keys before going into production! <--
REVOLT_VAPID_PRIVATE_KEY=******
REVOLT_VAPID_PUBLIC_KEY=******

##
## Autumn configuration
##

# S3 Region
AUTUMN_S3_REGION=minio

# S3 Endpoint
AUTUMN_S3_ENDPOINT=http://minio:9000

# MinIO Root User
MINIO_ROOT_USER=minioautumn

# MinIO Root Password
MINIO_ROOT_PASSWORD=minioautumn

# AWS Access Key ID (auto-filled if present above)
# AWS_ACCESS_KEY_ID=minioautumn

# AWS Secret Key (auto-filled if present above)
# AWS_SECRET_ACCESS_KEY=minioautumn

##
## Vortex configuration
##

# VOSO_MANAGE_TOKEN=CHANGEME

Thanks for any help

Mar0xy commented 2 years ago

You need to proxy to localhost:5000, localhost:8000 and etc then change the urls in the .env file to your domain urls as the urls in the .env file are used to set the locations of where the client tries to get the data from. Look at this file for an example nginx config.

jim3692 commented 2 years ago

I have a working Revolt configuration with nginx in my repo jim3692/self-hosted EDIT: I haven't added january yet

insertish commented 2 years ago

.env file is used by the server to provide the client with the information it needs to connect to Revolt, hence it needs to be your public endpoints there.

The default configuration is intended for running the stack on the same machine.

pitininja commented 2 years ago

Thank you very much for your answers everyone, it helped me a lot!

I did pretty much like in the example provided by @jim3692 and it works fine 👍

Is it okay (from a security point of view) to publicly expose all these services on my server?

Also (forgive me as this is off topic) is it possible to target my self hosted server when using the desktop application?

jim3692 commented 2 years ago

Deploying you own VPN to connect to your server would be much safer, but I don't think it's worth it.

For the desktop application, you need to change the domain in config.ts and rebuild the app.

pitininja commented 2 years ago

Perfect, many thanks again sir 👍

insertish commented 2 years ago

Assuming this was fixed, closing.

Is it okay (from a security point of view) to publicly expose all these services on my server?

There shouldn't be any harm in theory, although: