search

vicalloy / outline-docker-compose

Install a self-hosted Outline wiki instance in a couple of minutes
BSD 3-Clause "New" or "Revised" License
738 stars 120 forks source link

HTTPS Support #63

Open Alvinst opened 9 months ago

Alvinst commented 9 months ago

Have you tried to add HTTPS support on the portal? I tried to add automatic Let's Encrypt cert renew and I almost did it except OIDC couldn't work. I am sure it's about django routing...

v1net commented 9 months ago

i have my installation behind an haProxy thats working fine

Alvinst commented 9 months ago

Yes I am sure it's technically possible, but I thought I was really close, so perhaps somebody could give me a little boost

v1net commented 9 months ago

do you know where the logs are stored for outline?

7ekhed commented 7 months ago

Outline Config: URL = PublicFacingURL:PublicFacingPort

The URL and domain that you are using to host this with the port of the site is what should be filled within the outline config IP Address section. Essentially, if you host this at notes.yourdomain.com via cloudflare, and you’re pointing it back to an NGINX proxy instance, the Outline service and respective child services (Nginx host, OIDC Server, Redis) itself will host on the NginxConfig host, which should be set to 0.0.0.0 for external access (meaning going to 192.168.1.100:8888 will hit outline), and is accessible via port 8888, so in Nginx, create a redirect from notes.yourdomain.com to the IP Address of the Outline host on port 8888, ensure 443 and 80 are open in your firewall, and in the configuration, when it is asking for the OutlineConfig URL, ensure that you list both the domain URL and the port utilized (if using HTTP, port 80, if HTTPS, port 443) in the Outline Config, the port is a required element

Like: notes.yourdomain.com:443

~

How this is setup for me:

Docker Host: 192.168.1.100

Config File: 

                OutlineSection ~ URL: notes.mydomain.com:443 PORT: 3000

                NginxSection    ~ URL: 0.0.0.0 PORT: 8888

                Leave the Rest Alone

Nginx Proxy Manager: Add a HTTP Redirection Host to 192.168.1.100:8888 from notes.mydomain.com

               WebSocket Support + Block Common Exploits + Cache
               SSL > Request New SSL Certificate

Firewall(s):

              NAT Forward port 80/443 to Nginx Proxy Manager

              If multiple firewalls / routers / layers to network, push port through to each until host reached

Access:

             For Internal Useage / Testing, 192.168.1.100:8888 will get to the site

             For Public Access / Useage, notes.mydomain.com should get to the site

             For User Management, 192.168.1.100:8888/uc/admin/auth/user/

                            NOTE: USER MUST HAVE LISTED EMAIL ADDRESS OR SIGN-IN WILL FAIL