mirror of
https://github.com/zadam/trilium.git
synced 2025-12-23 16:49:58 +01:00
docs(user): mention reverse proxy config (closes #4910)
@@ -76,4 +76,4 @@ client_max_body_size 0;
|
||||
|
||||
### Apache
|
||||
|
||||
For an Apache setup, refer to the [Apache proxy setup](Server%20Installation/2.%20Reverse%20proxy/Apache.md) guide.
|
||||
For an Apache setup, refer to the [Apache proxy setup](Server%20Installation/2.%20Reverse%20proxy/Apache%20using%20Docker.md) guide.
|
||||
@@ -109,7 +109,7 @@ If you want to run your instance in a non-default way, please use the volume swi
|
||||
## Reverse Proxy
|
||||
|
||||
1. [Nginx](../2.%20Reverse%20proxy/Nginx.md)
|
||||
2. [Apache](../2.%20Reverse%20proxy/Apache.md)
|
||||
2. [Apache](../2.%20Reverse%20proxy/Apache%20using%20Docker.md)
|
||||
|
||||
### Note on --user Directive
|
||||
|
||||
|
||||
@@ -0,0 +1,91 @@
|
||||
# Apache using Docker
|
||||
This tutorial assumes that you have created a DNS A record for `trilium.yourdomain.com` that you want to use for your Trilium server.
|
||||
|
||||
## Docker setup
|
||||
|
||||
Download docker image and create container
|
||||
|
||||
```
|
||||
docker pull triliumnext/trilium:[VERSION]
|
||||
docker create --name trilium -t -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]
|
||||
```
|
||||
|
||||
## Configuring the Apache proxy
|
||||
|
||||
1. Enable apache proxy modules
|
||||
|
||||
```
|
||||
a2enmod ssl
|
||||
a2enmod proxy
|
||||
a2enmod proxy_http
|
||||
a2enmod proxy_wstunnel
|
||||
```
|
||||
2. Create a new let's encrypt certificate
|
||||
|
||||
```
|
||||
sudo certbot certonly -d trilium.mydomain.com
|
||||
```
|
||||
|
||||
Choose standalone (2) and note the location of the created certificates (typically /etc/letsencrypt/live/...)
|
||||
3. Create a new virtual host file for apache (you may want to use `apachectl -S` to determine the server root location, mine is /etc/apache2)
|
||||
|
||||
```
|
||||
sudo nano /etc/apache2/sites-available/trilium.yourdomain.com.conf
|
||||
```
|
||||
|
||||
Paste (and customize) the following text into the configuration file
|
||||
|
||||
```
|
||||
|
||||
ServerName http://trilium.yourdomain.com
|
||||
RewriteEngine on
|
||||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
|
||||
|
||||
|
||||
ServerName https://trilium.yourdomain.com
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
||||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||||
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
|
||||
AllowEncodedSlashes NoDecode
|
||||
ProxyPass / http://localhost:8080/ nocanon
|
||||
ProxyPassReverse / http://localhost:8080/
|
||||
SSLCertificateFile /etc/letsencrypt/live/trilium.yourdomain.com/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/trilium.yourdomain.com/privkey.pem
|
||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||
|
||||
```
|
||||
4. Enable the virtual host with `sudo a2ensite trilium.yourdomain.com.conf`
|
||||
5. Reload apache2 with `sudo systemctl reload apache2`
|
||||
|
||||
## Configuring the trusted proxy
|
||||
|
||||
After setting up a reverse proxy, make sure to configure the <a class="reference-link" href="Trusted%20proxy.md">Trusted proxy</a>.
|
||||
|
||||
## Setup the systemd service to start up the server
|
||||
|
||||
Create and enable a systemd service to start the docker container on boot
|
||||
|
||||
1. Create a new empty file called `/lib/systemd/system/trilium.service` with the contents
|
||||
|
||||
```
|
||||
[Unit]
|
||||
Description=Trilium Server
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStart=/usr/bin/docker start -a trilium
|
||||
ExecStop=/usr/bin/docker stop -t 2 trilium
|
||||
|
||||
[Install]
|
||||
WantedBy=local.target
|
||||
```
|
||||
2. Install, enable and start service
|
||||
|
||||
```
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable trilium.service
|
||||
sudo systemctl start trilium.service
|
||||
```
|
||||
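Review bot: `WantedBy=local.target` in the `[Install]` section of `trilium.service` does not name one of systemd's standard targets, so `systemctl enable trilium.service` would link the unit under a target that nothing pulls in at boot, and the container would not start on boot as the section promises. Use `WantedBy=multi-user.target`. Two smaller points in the same file: the certbot step requests a certificate for `trilium.mydomain.com` while every other step, including the `SSLCertificateFile` path, uses `trilium.yourdomain.com`, so pick one placeholder; and administrator-created units conventionally go in `/etc/systemd/system/` rather than `/lib/systemd/system/`, which belongs to packages.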
@@ -1,81 +0,0 @@
|
||||
# Apache
|
||||
I've assumed you have created a DNS A record for `trilium.yourdomain.com` that you want to use for your Trilium server.
|
||||
|
||||
1. Download docker image and create container
|
||||
|
||||
```
|
||||
docker pull triliumnext/trilium:[VERSION]
|
||||
docker create --name trilium -t -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]
|
||||
```
|
||||
2. Configure Apache proxy and websocket proxy
|
||||
|
||||
1. Enable apache proxy modules
|
||||
|
||||
```
|
||||
a2enmod ssl
|
||||
a2enmod proxy
|
||||
a2enmod proxy_http
|
||||
a2enmod proxy_wstunnel
|
||||
```
|
||||
2. Create a new let's encrypt certificate
|
||||
|
||||
```
|
||||
sudo certbot certonly -d trilium.mydomain.com
|
||||
```
|
||||
|
||||
Choose standalone (2) and note the location of the created certificates (typically /etc/letsencrypt/live/...)
|
||||
3. Create a new virtual host file for apache (you may want to use `apachectl -S` to determine the server root location, mine is /etc/apache2)
|
||||
|
||||
```
|
||||
sudo nano /etc/apache2/sites-available/trilium.yourdomain.com.conf
|
||||
```
|
||||
|
||||
Paste (and customize) the following text into the configuration file
|
||||
|
||||
```
|
||||
|
||||
ServerName http://trilium.yourdomain.com
|
||||
RewriteEngine on
|
||||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
|
||||
|
||||
|
||||
ServerName https://trilium.yourdomain.com
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
||||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||||
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
|
||||
AllowEncodedSlashes NoDecode
|
||||
ProxyPass / http://localhost:8080/ nocanon
|
||||
ProxyPassReverse / http://localhost:8080/
|
||||
SSLCertificateFile /etc/letsencrypt/live/trilium.yourdomain.com/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/trilium.yourdomain.com/privkey.pem
|
||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||
|
||||
```
|
||||
4. Enable the virtual host with `sudo a2ensite trilium.yourdomain.com.conf`
|
||||
5. Reload apache2 with `sudo systemctl reload apache2`
|
||||
3. Create and enable a systemd service to start the docker container on boot
|
||||
|
||||
1. Create a new empty file called `/lib/systemd/system/trilium.service` with the contents
|
||||
|
||||
```
|
||||
[Unit]
|
||||
Description=Trilium Server
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStart=/usr/bin/docker start -a trilium
|
||||
ExecStop=/usr/bin/docker stop -t 2 trilium
|
||||
|
||||
[Install]
|
||||
WantedBy=local.target
|
||||
```
|
||||
2. Install, enable and start service
|
||||
|
||||
```
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable trilium.service
|
||||
sudo systemctl start trilium.service
|
||||
```
|
||||
@@ -1,19 +1,24 @@
|
||||
# Nginx
|
||||
Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
|
||||
Configure Nginx proxy and HTTPS. The operating system here is Ubuntu.
|
||||
|
||||
1. Download Nginx and remove Apache2
|
||||
|
||||
```
|
||||
sudo apt-get install nginx
|
||||
sudo apt-get remove apache2
|
||||
```
|
||||
2. Create configure file
|
||||
## Installing Nginx
|
||||
|
||||
Download Nginx and remove Apache2
|
||||
|
||||
```
|
||||
sudo apt-get install nginx
|
||||
sudo apt-get remove apache2
|
||||
```
|
||||
|
||||
## Build the configuration file
|
||||
|
||||
1. First, create the configuration file:
|
||||
|
||||
```
|
||||
cd /etc/nginx/conf.d
|
||||
vim default.conf
|
||||
```
|
||||
3. Fill the file with the context shown below, part of the setting show be changed. Then you can enjoy your web with HTTPS forced and proxy.
|
||||
2. Fill the file with the context shown below, part of the setting show be changed. Then you can enjoy your web with HTTPS forced and proxy.
|
||||
|
||||
```
|
||||
# This part configures, where your Trilium server is running
|
||||
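Review bot: the renumbered step 2 under "Build the configuration file" carries over the wording errors of the old step 3 ("Fill the file with the context shown below, part of the setting show be changed"). Since the line is being rewritten for the renumbering anyway, fix it in the same change, for example "Fill the file with the content shown below; some of the settings should be changed."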
@@ -54,23 +59,29 @@ Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
```
|
||||
4. Alternatively if you want to serve the instance under a different path (useful e.g. if you want to serve multiple instances), update the location block like so:
|
||||
|
||||
* update the location with your desired path (make sure to not leave a trailing slash "/", if your `proxy_pass` does not end on a slash as well)
|
||||
* add the `proxy_cookie_path` directive with the same path: this allows you to stay logged in at multiple instances at the same time.
|
||||
|
||||
```
|
||||
location /trilium/instance-one {
|
||||
rewrite /trilium/instance-one/(.*) /$1 break;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_pass http://trilium;
|
||||
proxy_cookie_path / /trilium/instance-one
|
||||
proxy_read_timeout 90;
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Serving under a different path
|
||||
|
||||
Alternatively if you want to serve the instance under a different path (useful e.g. if you want to serve multiple instances), update the location block like so:
|
||||
|
||||
* update the location with your desired path (make sure to not leave a trailing slash "/", if your `proxy_pass` does not end on a slash as well)
|
||||
* add the `proxy_cookie_path` directive with the same path: this allows you to stay logged in at multiple instances at the same time.
|
||||
|
||||
```
|
||||
location /trilium/instance-one {
|
||||
rewrite /trilium/instance-one/(.*) /$1 break;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_pass http://trilium;
|
||||
proxy_cookie_path / /trilium/instance-one
|
||||
proxy_read_timeout 90;
|
||||
}
|
||||
```
|
||||
|
||||
## Configuring the trusted proxy
|
||||
|
||||
After setting up a reverse proxy, make sure to configure the <a class="reference-link" href="Trusted%20proxy.md">Trusted proxy</a>.
|
||||
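Review bot: in the location block under "Serving under a different path", `proxy_cookie_path / /trilium/instance-one` has no terminating semicolon, so nginx will reject the configuration when a reader pastes it. The line was moved unchanged from the old step 4; add the `;` as part of the move. The section text also still begins with "Alternatively", which made sense as a numbered step but reads oddly as the first word under its own heading.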
@@ -0,0 +1,17 @@
|
||||
# Trusted proxy
|
||||
If you are running the Trilium server under a [reverse proxy](../2.%20Reverse%20proxy), it's important to configure it as a trusted proxy so that the application can correctly identify the real IP address of the clients (for authentication and rate limiting purposes).
|
||||
|
||||
To do so, simply modify <a class="reference-link" href="../../../Advanced%20Usage/Configuration%20(config.ini%20or%20e.md">Configuration (config.ini or environment variables)</a> and set:
|
||||
|
||||
```
|
||||
[Network]
|
||||
trustedReverseProxy=true
|
||||
```
|
||||
|
||||
This will use the left-most IP in the `X-Forwarded-For` header. Alternatively, instead of `true` use the IP address of the reverse proxy or Express.js shortcuts such as:
|
||||
|
||||
```
|
||||
loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
|
||||
```
|
||||
|
||||
For more information, consult [Express behind proxies](https://expressjs.com/en/guide/behind-proxies.html).
|
||||
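Review bot: the new Trusted proxy page presents `trustedReverseProxy=true` as the default recommendation and states that it takes the left-most IP in `X-Forwarded-For`, but it does not say that this value is whatever the client sent unless the proxy overwrites the header. The Nginx example in this same commit sets `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends the connecting address to the client-supplied header, so with `true` the address used "for authentication and rate limiting purposes" is client-controlled. Lead with the specific proxy address or the `loopback` shortcut (both example setups proxy to localhost), and describe `true` as the option that is only appropriate when the proxy replaces the header. The second code block would also be clearer if it listed the shortcut names (`loopback`, `linklocal`, `uniquelocal`) separately from the ranges they expand to, since the ranges are not something the reader types.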