Added PROXY_MODE. Close #45

2022-05-08 10:43:33 -05:00 · 2022-05-08 10:43:33 -05:00 · 4f07700573
commit 4f07700573
parent 950ed75076
3 changed files with 51 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,7 @@
 ## Unreleased

 * Fix: show correct domain name in guppe instructions on homepage
+* Add: Support running behind SSL-terminating reverse proxy (PROXY_MODE environment variable)

 ## v1.1.0 (2022-05-1)

--- a/README.md
+++ b/README.md
@ -29,6 +29,37 @@ echo DOMAIN=yourdomain.com >> .env
 docker-compose up --build -d
 ```

+## Updating
+
+Backup database:
+
+```
+docker-compose exec -T mongodb sh -c 'mongodump --archive' > guppe.dump
+```
+
+Fetch latest code & restart server:
+
+```
+git pull
+docker-compose up --build -d
+```
+
+## Optional configuration
+
+Additional values can be set in `.env` file
+
+| Setting | Description |
+| --- | --- |
+| PROXY_MODE | Enable use behind an SSL-terminating proxy or load balancer, serves over http instead of https and sets Express `trust proxy` setting to the value of `PROXY_MODE` (e.g. `1`, [other options](https://expressjs.com/en/guide/behind-proxies.html)) See note. |
+
+**Notes on use with a reverse proxy**: When setting proxyMode, you must ensure your reverse proxy sets the following headers: X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Proto (example for nginx below).
+
+```
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Proto $scheme;
+```
+
 ## License

 Copyright (c) 2021 William Murphy. Licensed under the AGPL-3
--- a/index.js
+++ b/index.js
@ -4,13 +4,14 @@ const express = require('express')
 const MongoClient = require('mongodb').MongoClient
 const fs = require('fs')
 const https = require('https')
+const http = require('http')
 const morgan = require('morgan')
 const history = require('connect-history-api-fallback')
 const { onShutdown } = require('node-graceful-shutdown')
 const ActivitypubExpress = require('activitypub-express')

 const { version } = require('./package.json')
-const { DOMAIN, KEY_PATH, CERT_PATH, CA_PATH, PORT_HTTPS, DB_URL, DB_NAME } = process.env
+const { DOMAIN, KEY_PATH, CERT_PATH, CA_PATH, PORT_HTTPS, DB_URL, DB_NAME, PROXY_MODE } = process.env

 const app = express()
 const client = new MongoClient(DB_URL)
@ -191,10 +192,23 @@ client.connect()
      await apex.store.saveObject(systemUser)
      apex.systemUser = systemUser
    }
-
-    const server = process.env.NODE_ENV === 'production'
-      ? AutoEncrypt.https.createServer({ domains: [DOMAIN] }, app)
-      : https.createServer(sslOptions, app)
+    let server
+    if (process.env.NODE_ENV === 'production') {
+      if (PROXY_MODE) {
+        server = http.createServer(app)
+        try {
+          // boolean or number
+          app.set('trust proxy', JSON.parse(PROXY_MODE))
+        } catch (ignore) {
+          // string
+          app.set('trust proxy', PROXY_MODE)
+        }
+      } else {
+        server = AutoEncrypt.https.createServer({ domains: [DOMAIN] }, app)
+      }
+    } else {
+      server = https.createServer(sslOptions, app)
+    }
    server.listen(PORT_HTTPS, function () {
      console.log('Guppe server listening on port ' + PORT_HTTPS)
    })