remove X-Forward-for header from nginx default.conf to be able to run Snapdrop with docker correctly. Add how-to and configuration examples for nginx and apache to documentation.

schlagmichdoch 2022-12-22 01:03:24 +01:00
parent f769a76605
commit 28336eebf0
5 changed files with 229 additions and 93 deletions


@ -12,7 +12,7 @@
Have any questions? Read our [FAQ](/docs/faq.md).
You can [host your own instance with Docker](/docs/local-dev.md).
You can [host your own instance with Docker](/docs/host-your-own.md).
## Support the Snapdrop Community


@ -19,7 +19,7 @@ services:
- ./docker/openssl:/mnt/openssl
ports:
- "8080:80"
- "443:443"
- "8443:443"
env_file: ./docker/fqdn.env
entrypoint: /mnt/openssl/create.sh
command: ["nginx", "-g", "daemon off;"]
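Review bot: the `ports` entries still publish the container on all host interfaces, so the front proxy that the new documentation relies on to set `X-Forwarded-For` can be bypassed by connecting to 8080 or 8443 directly. Because the bundled nginx no longer overwrites the header, a request arriving that way reaches node with whatever header value the client supplied, or none. Consider binding to loopback (`"127.0.0.1:8080:80"`, `"127.0.0.1:8443:443"`), or state in the docs that these ports must not be reachable from outside the host.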


@ -1,9 +1,5 @@
server {
listen 80;
#server_name your.domain;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
expires epoch;
@ -17,21 +13,11 @@ server {
proxy_pass http://node:3000;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
location /ca.crt {
alias /etc/ssl/certs/snapdropCA.crt;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
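Review bot: with `proxy_set_header X-Forwarded-for $remote_addr;` dropped from the block that proxies to `http://node:3000`, this nginx passes any incoming `X-Forwarded-For` through unchanged, so the value node sees is only trustworthy when an outer proxy overwrites it. Leave a short comment in the config saying the header is intentionally left to the outer proxy and pointing to `docs/host-your-own.md`, so the line is not re-added or the container run without a proxy by accident.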
@ -39,11 +25,6 @@ server {
ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
#server_name ;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
expires epoch;
location / {
@ -56,20 +37,10 @@ server {
proxy_pass http://node:3000;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
location /ca.crt {
alias /etc/ssl/certs/snapdropCA.crt;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
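Review bot: removing `error_page 500 502 503 504 /50x.html;` and its `location = /50x.html` block here, as in the first server block, is unrelated to the header change the commit message describes; split it into its own commit or mention it in the message. The header removal in this TLS server block needs the same explanatory comment as the plain-HTTP one.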

docs/host-your-own.md Normal file

@ -0,0 +1,226 @@
# Local Development
## Install
First, [Install docker with docker-compose.](https://docs.docker.com/compose/install/)
Then, clone the repository and run docker-compose:
```shell
git clone https://github.com/RobinLinus/snapdrop.git
```
```shell
cd snapdrop
```
```shell
docker-compose up -d
```
Now point your browser to `http://localhost:8080`.
- To restart the containers run `docker-compose restart`.
- To stop the containers run `docker-compose stop`.
- To debug the NodeJS server run `docker logs snapdrop_node_1`.
## Run locally by pulling image from Docker Hub
Have docker installed, then use the command:
```shell
docker pull linuxserver/snapdrop
```
To run the image, type (if port 8080 is occupied by host use another random port <random port>:80):
```shell
docker run -d -p 8080:80 linuxserver/snapdrop
```
<br>
## Testing PWA related features
PWAs require that the app is served under a correctly set up and trusted TLS endpoint.
The nginx container creates a CA certificate and a website certificate for you. To correctly set the common name of the certificate, you need to change the FQDN environment variable in `docker/fqdn.env` to the fully qualified domain name of your workstation.
If you want to test PWA features, you need to trust the CA of the certificate for your local deployment. For your convenience, you can download the crt file from `http://<Your FQDN>:8080/ca.crt`. Install that certificate to the trust store of your operating system.
- On Windows, make sure to install it to the `Trusted Root Certification Authorities` store.
- On MacOS, double click the installed CA certificate in `Keychain Access`, expand `Trust`, and select `Always Trust` for SSL.
- Firefox uses its own trust store. To install the CA, point Firefox at `http://<Your FQDN>:8080/ca.crt`. When prompted, select `Trust this CA to identify websites` and click OK.
- When using Chrome, you need to restart Chrome so it reloads the trust store (`chrome://restart`). Additionally, after installing a new cert, you need to clear the Storage (DevTools -> Application -> Clear storage -> Clear site data).
Please note that the certificates (CA and webserver cert) expire after a day.
Also, whenever you restart the nginx docker, container new certificates are created.
The site is served on `https://<Your FQDN>:8443`.
# Deployment Notes
The client expects the server at http(s)://your.domain/server.
When serving the node server behind a proxy, the `X-Forwarded-For` header has to be set by the proxy. Otherwise, all clients that are served by the proxy will be mutually visible.
## Deployment with node
By default, the node server listens on port 3000.
Use nginx or apache to set the header correctly:
### Using nginx
```
server {
listen 80;
expires epoch;
location / {
root /var/www/snapdrop/client;
index index.html index.htm;
}
location /server {
proxy_connect_timeout 300;
proxy_pass http://node:3000;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
}
server {
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
expires epoch;
location / {
root /var/www/snapdrop/client;
index index.html;
}
location /server {
proxy_connect_timeout 300;
proxy_pass http://node:3000;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
}
```
### Using Apache
```
<VirtualHost *:80>
DocumentRoot "/var/www/snapdrop/client"
DirectoryIndex index.html
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:3000/$1" [P,L]
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/snapdrop/client"
DirectoryIndex index.html
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "wws://127.0.0.1:3000/$1" [P,L]
</VirtualHost>
```
## Deployment with Docker
The easiest way to get snapdrop up and running is by using Docker.
By default, docker listens on ports 8080 (http) and 8443 (https) (specified in `docker-compose.yml`).
When running Snapdrop via Docker, the `X-Forwarded-For` header has to be set by a proxy. Otherwise, all clients will be mutually visible.
### Installation
[See Local Development > Install](#install)
Use nginx or apache to set the header correctly:
### Using nginx
(This differs from the config under `/docker/nginx/default.conf)
```
server {
listen 80;
expires epoch;
location / {
proxy_connect_timeout 300;
proxy_pass http://127.0.0.1:8080;
}
location /server {
proxy_connect_timeout 300;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
}
server {
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
expires epoch;
location / {
proxy_connect_timeout 300;
proxy_pass http://127.0.0.1:443;
}
location /server {
proxy_connect_timeout 300;
proxy_pass http://127.0.0.1:443;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
}
```
### Using Apache
install modules `proxy`, `proxy_http`, `mod_proxy_wstunnel`
```shell
a2enmod proxy
```
```shell
a2enmod proxy_http
```
```shell
a2enmod proxy_wstunnel
```
<br>
Create a new configuration file under `/etc/apache2/sites-available` (on debian)
**snapdrop.conf**
```
<VirtualHost *:80>
ProxyPass / http://127.0.0.1:8080/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:8080/$1" [P,L]
</VirtualHost>
<VirtualHost *:443>
ProxyPass / https://127.0.0.1:8443/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "wws://127.0.0.1:8443/$1" [P,L]
</VirtualHost>
```
Activate the new virtual host and reload apache:
```shell
a2ensite snapdrop
```
```shell
service apache2 reload
```
[< Back](/README.md)
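Review bot: in the "Deployment with Docker" nginx example, the 443 server uses `proxy_pass http://127.0.0.1:443;` in both locations, which is the port that server block itself listens on and plain HTTP, not the TLS port the container now publishes; it should target `https://127.0.0.1:8443`, as the Apache example below it does. Both Apache `*:443` virtual hosts use the scheme `wws://`, which should read `wss://`, and neither enables TLS or names a certificate. The Apache examples also never mention `X-Forwarded-For` although the text says to use Apache to set it; say how the header gets set there. Smaller points: the line "(This differs from the config under `/docker/nginx/default.conf)" is missing its closing backtick, "restart the nginx docker, container" has a misplaced comma, and the file still opens with `# Local Development` although the README now links to it as the hosting guide.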


@ -1,61 +0,0 @@
# Local Development
## Install
First, [Install docker with docker-compose.](https://docs.docker.com/compose/install/)
Then, clone the repository:
```
git clone https://github.com/RobinLinus/snapdrop.git
cd snapdrop
docker-compose up -d
```
Now point your browser to `http://localhost:8080`.
- To restart the containers run `docker-compose restart`.
- To stop the containers run `docker-compose stop`.
- To debug the NodeJS server run `docker logs snapdrop_node_1`.
## Run locally by pulling image from Docker Hub
Have docker installed, then use the command:
```
docker pull linuxserver/snapdrop
```
To run the image, type (if port 8080 is occupied by host use another random port <random port>:80):
```
docker run -d -p 8080:80 linuxserver/snapdrop
```
## Testing PWA related features
PWAs require that the app is served under a correctly set up and trusted TLS endpoint.
The nginx container creates a CA certificate and a website certificate for you. To correctly set the common name of the certificate, you need to change the FQDN environment variable in `docker/fqdn.env` to the fully qualified domain name of your workstation.
If you want to test PWA features, you need to trust the CA of the certificate for your local deployment. For your convenience, you can download the crt file from `http://<Your FQDN>:8080/ca.crt`. Install that certificate to the trust store of your operating system.
- On Windows, make sure to install it to the `Trusted Root Certification Authorities` store.
- On MacOS, double click the installed CA certificate in `Keychain Access`, expand `Trust`, and select `Always Trust` for SSL.
- Firefox uses its own trust store. To install the CA, point Firefox at `http://<Your FQDN>:8080/ca.crt`. When prompted, select `Trust this CA to identify websites` and click OK.
- When using Chrome, you need to restart Chrome so it reloads the trust store (`chrome://restart`). Additionally, after installing a new cert, you need to clear the Storage (DevTools -> Application -> Clear storage -> Clear site data).
Please note that the certificates (CA and webserver cert) expire after a day.
Also, whenever you restart the nginx docker, container new certificates are created.
The site is served on `https://<Your FQDN>:443`.
   
## Deployment Notes
The client expects the server at http(s)://your.domain/server.
When serving the node server behind a proxy, the `X-Forwarded-For` header has to be set by the proxy. Otherwise, all clients that are served by the proxy will be mutually visible.
By default, the server listens on port 3000.
For an nginx configuration example, see `docker/nginx/default.conf`.
[< Back](/README.md)