OpenSlides/proxy
Sean Engelhardt 6846b2ab91 Add vote service to OS4 setup
Integrate vote service, makes according changes to configuration
Updates the client to integrate the vote service
Updates the backend to integrate the vote service
2021-11-17 23:32:40 +01:00
..
certs Update submodules and use Caddy 2021-03-18 13:25:12 +01:00
caddy_base.json Add vote service to OS4 setup 2021-11-17 23:32:40 +01:00
Dockerfile add auto https support + manage router by header 2021-10-25 12:58:32 +02:00
Dockerfile.dev add auto https support + manage router by header 2021-10-25 12:58:32 +02:00
entrypoint Add vote service to OS4 setup 2021-11-17 23:32:40 +01:00
make-localhost-cert.sh Update submodules and use Caddy 2021-03-18 13:25:12 +01:00
Makefile Update submodules and use Caddy 2021-03-18 13:25:12 +01:00
README.md make local cert file location adjustable 2021-11-11 15:17:38 +01:00

OpenSlides proxy

The proxy is the entrypoint for traffic going into an OpenSlides instance and hides all the services needed for production behind a single port. On the docker container this will be port 8000. An arbitrary port from the host can then be forwarded to that (e.g. 443->8000).

HTTPS

It is possible to make use of caddy's automatic https feature in order to not having to manually generate TLS certificates. Set ENABLE_AUTO_HTTPS=1 and EXTERNAL_ADDRESS=openslides.example.com to activate it. Caddy will then retrieve a letsencrypt certificate for that domain. For testing a setup e.g. ACME_ENDPOINT=https://acme-staging-v02.api.letsencrypt.org/directory can also be set to avoid hitting rate limits. Importantly, port 80 on the host must be forwarded to port 8001 on which caddy will answer the ACME-challenge during certificate retrieval.

Alternatively a locally generated certificate can be used by setting ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key and providing cert and key files at the specified location. This is mostly for dev and testing setups and is not useful for a public domain as the cert is not issued by a trusted CA and therefore not trusted by browsers. If set, this overrules ENABLE_AUTO_HTTPS.