OpenCloud: Difference between revisions
Forward radicale traffic through opencloud instead of nginx. The previous configuration allowed anyone to query the public endpoint and override the remote user header. This edit matches: https://github.com/opencloud-eu/opencloud-compose/blob/main/config/radicale/config https://github.com/opencloud-eu/opencloud-compose/blob/main/config/opencloud/proxy.yaml Tags: Mobile edit Mobile web edit |
→Nginx: Won't work without proxy_set_header |
| (One intermediate revision by the same user not shown) | |||
| Line 3: | Line 3: | ||
==== OpenCloud ==== | ==== OpenCloud ==== | ||
The snippet below enables the [https://github.com/opencloud-eu OpenCloud] service and disables TLS between the proxy and OpenCloud (only recommended when using together with a reverse proxy, see below)<syntaxhighlight lang="nix"> | The snippet below enables the [https://github.com/opencloud-eu OpenCloud] service and disables TLS between the proxy and OpenCloud (only recommended when using together with a reverse proxy, see below)<syntaxhighlight lang="nix"> | ||
environment.etc."opencloud-admin-pass".text = '' | |||
IDM_ADMIN_PASSWORD=secure-password | |||
''; | |||
services.opencloud = { | services.opencloud = { | ||
enable = true; | enable = true; | ||
| Line 10: | Line 13: | ||
environment = { | environment = { | ||
PROXY_TLS = "false"; # disable https when behind reverse-proxy | PROXY_TLS = "false"; # disable https when behind reverse-proxy | ||
}; | }; | ||
environmentFile = "/etc/opencloud-admin-pass"; | |||
}; | }; | ||
| Line 26: | Line 29: | ||
proxyPass = "http://127.0.0.1:9200"; | proxyPass = "http://127.0.0.1:9200"; | ||
proxyWebsockets = true; | proxyWebsockets = true; | ||
extraConfig = '' | |||
proxy_set_header Host $host; | |||
''; | |||
}; | }; | ||
}; | }; | ||
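Review bot: The admin password set through `environment.etc."opencloud-admin-pass".text` is written to the Nix store, which is world-readable, so any local user, and anyone who can read the system closure, can recover `IDM_ADMIN_PASSWORD`. The snippet should instead point `environmentFile` at a file created outside the store and readable only by root or the service user, for example one provisioned by a secrets tool such as sops-nix or agenix: `environmentFile = "/run/secrets/opencloud-env"; # example path, not in the Nix store`. If the inline form is kept for brevity, add a comment beside `IDM_ADMIN_PASSWORD=secure-password` saying that the value is a placeholder and that the file is world-readable, because wiki snippets tend to be copied verbatim. The `services.opencloud` and nginx blocks continue outside the lines shown, and which column these single-sided lines belong to is inferred from the line-number offsets, so this applies to what appears to be the new revision.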