On proxy pass reverse going from unsecure to secure domain

My version of HedgeDoc is: 1.10.2 [docker image Quay]

What I expected to happen:

I have set up HedgeDoc on an unsecure domain on port 4444 and made a proxy reverse pass on that to a secure domain on the same domain.

From my docker compose file:

    - CMD_PORT=4444
    - CMD_URL_ADDPORT=true
    - CMD_DEFAULT_PERMISSION=freely
    - CMD_ALLOW_ANONYMOUS_EDITS=false
    - CMD_PROTOCOL_USESSL=false
    - CMD_HSTS_ENABLE=true
    - NODE_ENV=production
    - CMD_CSP_ENABLE=false
    - CMD_ALLOW_ORIGIN=['my-domainname']

What actually happened:

But all the JS and CSS files to be used are being blocked, so HedgeDoc is not being displayed as expected.

I already tried:
Setting up the Apache server to listen on port 4444 with SSL - didn’t like that :frowning:

What am I missing?

Cheers,
Adam

Hi @aj42 and welcome to the HedgeDoc community!

First of all, please be sure to read the docs about reverse-proxying.

It sounds to me as if you want to run HedgeDoc locally at http://insecure.example.com:4444 and proxied as https://secure.example.com. Right?

In that case, be sure to set the docker port mappings to 4444:3000 to make the instance available at that port.
As the CMD_DOMAIN, CMD_URL_ADDPORT and CMD_PROTOCOL_USESSL environment variables are all used to build links for the end-user, they should match the reverse-proxy’s URL. For the settings mentioned above this would mean:

  • CMD_DOMAIN=secure.example.com
  • CMD_URL_ADDPORT=false
  • CMD_PROTOCOL_USESSL=true

Please also note that disabling the CSP could lower the security of your instance as the risk of XSS or other things is a bit higher.

If however you intend to use port 4444 on the reverse proxy as well, the setup is a bit more complex.
Set CMD_PORT=4444, which also changes the port inside the docker container. Therefore, change the binding for the ports in the docker-compose file to 4455:4444 or any other free port. Your Apache is then able to use port 4444, since it is only used inside the container. Finally, set CMD_URL_ADDPORT=true and configure Apache to proxy to http://localhost:4455.

Best regards,
Erik
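
Added example (not part of the thread and not HedgeDoc's own code): a small check that models, as a simplification, how the three link-building variables named in the reply above combine into a base URL, and compares it with the URL the reverse proxy serves. The function names, the sample settings and the `CMD_DOMAIN` value in `BEFORE` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

def _on(env, key):
    return env.get(key, "false").strip().lower() == "true"

def link_base(env):
    """Simplified model (an assumption, not HedgeDoc's code) of the link base URL."""
    scheme = "https" if _on(env, "CMD_PROTOCOL_USESSL") else "http"
    base = f"{scheme}://{env.get('CMD_DOMAIN', '')}"
    if _on(env, "CMD_URL_ADDPORT"):
        base += ":" + env.get("CMD_PORT", "3000")  # 3000 is HedgeDoc's default port
    return base

def mismatches(env, public_url):
    """Compare the generated link base with the URL the reverse proxy serves."""
    gen, pub = urlsplit(link_base(env)), urlsplit(public_url)
    found = []
    if gen.scheme != pub.scheme:
        # http assets referenced from an https page are blocked as mixed content
        found.append(f"scheme: links use {gen.scheme}, proxy serves {pub.scheme}")
    if gen.hostname != pub.hostname:
        found.append(f"host: links use {gen.hostname}, proxy serves {pub.hostname}")
    gen_port = gen.port or DEFAULT_PORT[gen.scheme]
    pub_port = pub.port or DEFAULT_PORT[pub.scheme]
    if gen_port != pub_port:
        found.append(f"port: links use {gen_port}, proxy serves {pub_port}")
    return found

# Constructed sample settings; CMD_DOMAIN in BEFORE is a placeholder, not from the post.
BEFORE = {"CMD_DOMAIN": "insecure.example.com", "CMD_PORT": "4444",
          "CMD_URL_ADDPORT": "true", "CMD_PROTOCOL_USESSL": "false"}
AFTER = {"CMD_DOMAIN": "secure.example.com",
         "CMD_URL_ADDPORT": "false", "CMD_PROTOCOL_USESSL": "true"}
# Second setup from the reply: proxy also on 4444 (CMD_PROTOCOL_USESSL=true assumed).
AFTER_4444 = {"CMD_DOMAIN": "secure.example.com", "CMD_PORT": "4444",
              "CMD_URL_ADDPORT": "true", "CMD_PROTOCOL_USESSL": "true"}

if __name__ == "__main__":
    for name, env, url in [("before", BEFORE, "https://secure.example.com"),
                           ("after", AFTER, "https://secure.example.com"),
                           ("after-4444", AFTER_4444, "https://secure.example.com:4444")]:
        print(name, link_base(env), mismatches(env, url) or "ok")
```

An empty result means the links handed to the browser point at the same scheme, host and port as the proxy, so scripts and stylesheets load from the HTTPS origin.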

Hi Erik

Thank you!

& then a million thanks, it is working now! :smiley:

Cheers,
Adam