OpenSlides/proxy/README.md

# OpenSlides Proxy

The proxy is the entrypoint for traffic going into an OpenSlides instance and
hides all the services needed for production behind a single port. On the
docker container this will be port 8000. An arbitrary port from the host can
then be forwarded to that (e.g. 443->8000).

## HTTPS

It is possible to make use of caddy's automatic https feature in order to not
having to manually generate TLS certificates.
Set `ENABLE_AUTO_HTTPS=1` and `EXTERNAL_ADDRESS=openslides.example.com` to
activate it. Caddy will then retrieve a letsencrypt certificate for that
domain.
For testing a setup e.g.
`ACME_ENDPOINT=https://acme-staging-v02.api.letsencrypt.org/directory` can also
be set to avoid hitting rate limits.
Importantly, port 80 on the host must be forwarded to port 8001 on which caddy
will answer the ACME-challenge during certificate retrieval.

Alternatively a locally generated certificate can be used by setting
`ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key`
and providing cert and key files at the specified location. This is mostly for
dev and testing setups and is not useful for a public domain as the cert is not
issued by a trusted CA and therefore not trusted by browsers. If set, this
overrules `ENABLE_AUTO_HTTPS`.
Added LABELS to proxy's Dockerfile. (#6323) 2022-01-07 21:12:51 +01:00			`# OpenSlides Proxy`
add auto https support + manage router by header switch from caddy file to native json 2021-09-27 13:17:41 +02:00
			`The proxy is the entrypoint for traffic going into an OpenSlides instance and`
			`hides all the services needed for production behind a single port. On the`
			`docker container this will be port 8000. An arbitrary port from the host can`
			`then be forwarded to that (e.g. 443->8000).`

			`## HTTPS`

			`It is possible to make use of caddy's automatic https feature in order to not`
			`having to manually generate TLS certificates.`
			Set `ENABLE_AUTO_HTTPS=1` and `EXTERNAL_ADDRESS=openslides.example.com` to
			`activate it. Caddy will then retrieve a letsencrypt certificate for that`
			`domain.`
			`For testing a setup e.g.`
			`ACME_ENDPOINT=https://acme-staging-v02.api.letsencrypt.org/directory` can also
			`be set to avoid hitting rate limits.`
			`Importantly, port 80 on the host must be forwarded to port 8001 on which caddy`
			`will answer the ACME-challenge during certificate retrieval.`

make local cert file location adjustable 2021-11-11 15:17:38 +01:00			`Alternatively a locally generated certificate can be used by setting`
			`ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key`
			`and providing cert and key files at the specified location. This is mostly for`
			`dev and testing setups and is not useful for a public domain as the cert is not`
			`issued by a trusted CA and therefore not trusted by browsers. If set, this`
			overrules `ENABLE_AUTO_HTTPS`.