From 02117f7ea35d719351a99cd4f1c339b2ad4ef266 Mon Sep 17 00:00:00 2001 From: nodiscc Date: Sat, 15 Aug 2020 20:03:43 +0200 Subject: [PATCH] doc: reverse proxy: update HTTP->HTTPS redirect configuration, remove logging options --- doc/md/Reverse-proxy.md | 17 +++++++++++------ doc/md/Server-configuration.md | 3 +-- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/doc/md/Reverse-proxy.md b/doc/md/Reverse-proxy.md index 2c1c601e..77e4a04d 100644 --- a/doc/md/Reverse-proxy.md +++ b/doc/md/Reverse-proxy.md @@ -17,8 +17,17 @@ See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%9 ```apache ServerName shaarli.mydomain.org - # Redirect HTTP to HTTPS - Redirect permanent / https://shaarli.mydomain.org + DocumentRoot /var/www/shaarli.mydomain.org/ + + # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests + RewriteEngine on + RewriteRule ^.well-known/acme-challenge/ - [L] + RewriteCond %{HTTP_HOST} =shaarli.mydomain.org + RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] + # If you are using mod_md, use this instead + #MDCertificateAgreement accepted + #MDContactEmail admin@shaarli.mydomain.org + #MDPrivateKeys RSA 4096 @@ -28,10 +37,6 @@ See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%9 SSLCertificateFile /path/to/certificate SSLCertificateKeyFile /path/to/private/key - LogLevel warn - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - # let the proxied shaarli server/container know HTTPS URLs should be served RequestHeader set X-Forwarded-Proto "https" diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index c63e296e..c1cf4310 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -1,7 +1,5 @@ # Server configuration - - ## Requirements ### Operating system and web server @@ -24,6 +22,7 @@ Setup a **firewall** (using `iptables`, [ufw](https://www.digitalocean.com/commu Shaarli makes outbound HTTP/HTTPS connections to websites you bookmark to fetch page information (title, thumbnails), the server must then have access to the Internet as well, and a working DNS resolver. +-------------------------------------------------------------------------------- ### PHP