From eebc91de63b925b525dcb0414ac7e7ae4c852ed0 Mon Sep 17 00:00:00 2001 From: qwertzipups <120680350+qwertzipups@users.noreply.github.com> Date: Thu, 15 Dec 2022 20:51:34 +0100 Subject: [PATCH] Update README.md Added Reverse Proxy and Ports to the docker-compose.yml --- README.md | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 02c9355..c890658 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,8 @@ services: restart: always volumes: - '/local/path/to/data:/data' + ports: + - 5000:5000 cli: image: 'ghcr.io/g3rv4/fakerelay:latest' volumes: @@ -75,6 +77,35 @@ services: That will store the configuration files at `/local/path/to/data` (they are a couple json files). +### Setup SSL reverse proxy +The relay needs to be accessible via a domain name with https. The subdomain can be served via a reverse proxy that also handles the SSL encryption. + +#### Nginx config file +``` +server { + listen 443 ssl http2; + listen [::]:443 http2 ssl; + + # Uncomment and change these lines if you want to restrict access to fakerelay + # allow Your-Instance-IPv6-address; + # allow Your-Instance-IPv4-address; + # allow GetMoarFediverse-Container-IP; + # deny all; + + server_name relay.domain.tld; + + location / { + proxy_pass http://127.0.0.1:5000; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_max_temp_file_size 0; + } + + #ssl_certificate /etc/letsencrypt/live/relay.domain.tld/fullchain.pem; # managed by Certbot + #ssl_certificate_key /etc/letsencrypt/live/relay.domain.tld/privkey.pem; # managed by Certbot +} +``` + ### Configure the app The first time you run this it needs to create a key, you can trigger that using: @@ -132,4 +163,4 @@ If you want to revoke a instance's key, you can use `instance delete`: ``` g3rv4@s1:~/docker/FakeRelay$ docker-compose run --rm cli instance delete mastodon.social Key deleted for mastodon.social -``` \ No newline at end of file +```