Closed Appel-flappen closed 1 year ago
I have mine behind haproxy.
The only thing I had to add was the following to .env:
NGINX_SERVER_SCHEME=https
RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'proxy_ip']
I also had to modify docker-compose.yml (or you could do the override one instead) to pass those variables in. IE for zammad-init:
zammad-init:
command: ["zammad-init"]
depends_on:
- zammad-postgresql
environment:
- MEMCACHE_SERVERS=${MEMCACHE_SERVERS}
- POSTGRESQL_USER=${POSTGRES_USER}
- POSTGRESQL_PASS=${POSTGRES_PASS}
- REDIS_URL=${REDIS_URL}
- RAILS_TRUSTED_PROXIES=${RAILS_TRUSTED_PROXIES}
image: ${IMAGE_REPO}:${VERSION}
restart: on-failure
volumes:
- zammad-data:/opt/zammad
and zammad-nginx
zammad-nginx:
command: ["zammad-nginx"]
ports:
- "8002:8080"
depends_on:
- zammad-railsserver
environment:
- NGINX_SERVER_SCHEME=${NGINX_SERVER_SCHEME}
image: ${IMAGE_REPO}:${VERSION}
restart: ${RESTART}
volumes:
- zammad-data:/opt/zammad
This tells it to trust headers from the proxy_ip and thus you will get proper IP's instead of everyone coming from the proxy ip.
I wouldn't bother trying another reverse proxy direct to the zammad ports and just use your own reverse proxy to reverse to the nginx one who then sends it correctly otherwise you'll get caught each time you update.
HTH
Ah that's perfect thank you!
Hi,
I was wondering if there were any instructions for how to use your own webserver instead of the builtin nginx one? eg. what ports from which other containers, where does the websocket have to go to.
If it's fine however to just proxy the nginx one again, then that's fine, I can do that instead. I read in the documentation this may cause issues with CSRF authentication.
Thanks :)