Foreword

This guide assumes that:

  • Shaarli runs in a Docker container
  • The host's 10080 port is mapped to the container's 80 port
  • Shaarli's Fully Qualified Domain Name (FQDN) is shaarli.domain.tld
  • HTTP traffic is redirected to HTTPS

Apache

The following HTTP headers are set when the ProxyPass directive is set:

  • X-Forwarded-For
  • X-Forwarded-Host
  • X-Forwarded-Server

The original SERVER_NAME can be sent to the proxied host by setting the ProxyPreserveHost directive to On.

<VirtualHost *:80>
    ServerName shaarli.domain.tld
    Redirect permanent / https://shaarli.domain.tld
</VirtualHost>

<VirtualHost *:443>
    ServerName shaarli.domain.tld

    SSLEngine on
    SSLCertificateFile    /path/to/cert
    SSLCertificateKeyFile /path/to/certkey

    LogLevel warn
    ErrorLog  /var/log/apache2/shaarli-error.log
    CustomLog /var/log/apache2/shaarli-access.log combined

    RequestHeader set X-Forwarded-Proto "https"
    ProxyPreserveHost On

    ProxyPass        / http://127.0.0.1:10080/
    ProxyPassReverse / http://127.0.0.1:10080/
</VirtualHost>

HAProxy

global
    [...]

defaults
    [...]

frontend http-in
    bind :80
    redirect scheme https code 301 if !{ ssl_fc }

    bind :443 ssl crt /path/to/cert.pem

    default_backend shaarli


backend shaarli
    mode http
    option http-server-close
    option forwardfor
    reqadd X-Forwarded-Proto: https

    server shaarli1 127.0.0.1:10080

Nginx

http {
    [...]

    index index.html index.php;

    root        /home/john/web;
    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log;

    server {
        listen       80;
        server_name  shaarli.domain.tld;
        return       301 https://shaarli.domain.tld$request_uri;
    }

    server {
        listen       443 ssl http2;
        server_name  shaarli.domain.tld;

        ssl_certificate       /path/to/cert
        ssl_certificate_key   /path/to/certkey

        location / {
            proxy_set_header  X-Real-IP         $remote_addr;
            proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Proto $scheme;
            proxy_set_header  X-Forwarded-Host  $host;

            proxy_pass             http://localhost:10080/;
            proxy_set_header Host  $host;
            proxy_connect_timeout  30s;
            proxy_read_timeout     120s;

            access_log      /var/log/nginx/shaarli.access.log;
            error_log       /var/log/nginx/shaarli.error.log;
        }
    }
}