Added example configs and header information
Added example configs for plain local nginx and Apache2. Also added FAQ section for all generic issues when not setting all required headers correctly. Added section for required headers in the Docker installation docs.
This commit is contained in:
MaxJa4
parent
9fcfa17004
commit
6e8729bb58
11
docs/faq.md
11
docs/faq.md
@ -18,6 +18,17 @@ Open Tandoor, open the menu behind the three vertical dots at the top right, sel
|
||||
#### Microsoft Edge
|
||||
Open Tandoor, open the menu behind the three horizontal dots at the top right, select `Apps > Install Tandoor Recipes`
|
||||
|
||||
## Why is Tandoor not working correctly?
|
||||
If you just set up your Tandoor instance and you're having issues like...
|
||||
|
||||
- Links not working
|
||||
- CSRF errors
|
||||
- CORS errors
|
||||
- No recipes are loading
|
||||
|
||||
... then make sure, that you have set [all required headers](install/docker.md#required-headers) in your reverse proxy correctly.
|
||||
If that doesn't fix it, you can also refer to the appropriate sub section in the [reverse proxy documentation](install/docker.md#reverse-proxy) and verify your general webserver configuration.
|
||||
|
||||
## Why am I getting CSRF Errors?
|
||||
If you are getting CSRF Errors this is most likely due to a reverse proxy not passing the correct headers.
|
||||
|
||||
|
||||
@ -102,7 +102,7 @@ wget https://raw.githubusercontent.com/vabene1111/recipes/develop/docs/install/d
|
||||
!!!note
|
||||
Don't forget to [download and configure](#docker-compose) your ```.env``` file!
|
||||
|
||||
#### **nginx-proxy**
|
||||
#### **jwilder's Nginx-proxy**
|
||||
|
||||
This is a docker compose example using [jwilder's nginx reverse proxy](https://github.com/jwilder/docker-gen)
|
||||
in combination with [jrcs's letsencrypt companion](https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/).
|
||||
@ -152,6 +152,102 @@ Please refer to the [appropriate documentation](https://github.com/linuxserver/d
|
||||
|
||||
For step-by-step instructions to set this up from scratch, see [this example](swag.md).
|
||||
|
||||
#### **Pure Nginx**
|
||||
|
||||
If you have Nginx installed locally on your host system without using any third party integration like Swag or similar, this is for you.
|
||||
|
||||
You can use the Docker-Compose file from [Plain](#plain).
|
||||
!!!warning "Adjust Docker-Compose file"
|
||||
Replace `80:80` with `PORT:80` with PORT being your desired outward-facing port.
|
||||
In the nginx config example below, 8080 is used.
|
||||
|
||||
An example configuration with LetsEncrypt to get you started can be seen below.
|
||||
Please note, that since every setup is different, you might need to adjust some things.
|
||||
|
||||
!!!warning "Placeholders"
|
||||
Don't forget to replace the domain and port.
|
||||
|
||||
```nginx
|
||||
server {
|
||||
if ($host = recipes.mydomain.tld) { # replace domain
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server_name recipes.mydomain.tld; # replace domain
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
||||
server {
|
||||
server_name recipes.mydomain.tld; # replace domain
|
||||
listen 443 ssl;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/recipes.mydomain.tld/fullchain.pem; # replace domain
|
||||
ssl_certificate_key /etc/letsencrypt/live/recipes.mydomain.tld/privkey.pem; # replace domain
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $http_host; # try $host instead if this doesn't work
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://127.0.0.1:8080; # replace port
|
||||
proxy_redirect http://127.0.0.1:8080 https://recipes.domain.tld; # replace port and domain
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
!!!note
|
||||
Don't forget to [download and configure](#docker-compose) your ```.env``` file!
|
||||
|
||||
#### **Apache**
|
||||
|
||||
You can use the Docker-Compose file from [Plain](#plain).
|
||||
!!!warning "Adjust Docker-Compose file"
|
||||
Replace `80:80` with `PORT:80` with PORT being your desired outward-facing port.
|
||||
In the Apache config example below, 8080 is used.
|
||||
|
||||
If you use e.g. LetsEncrypt for SSL encryption, you can use the example configuration from [solaris7590](https://github.com/TandoorRecipes/recipes/issues/1312#issuecomment-1020034375) below.
|
||||
|
||||
!!!warning "Placeholders"
|
||||
Don't forget to replace the domain and port.
|
||||
|
||||
```apache
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin webmaster@mydomain.de # replace domain
|
||||
ServerName mydomain.de # replace domain
|
||||
|
||||
Redirect permanent / https://mydomain.de/ # replace domain
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerAdmin webmaster@mydomain.de # replace domain
|
||||
ServerName mydomain.de # replace domain
|
||||
|
||||
SSLEngine on
|
||||
|
||||
RequestHeader set X-Forwarded-Proto "https"
|
||||
Header always set Access-Control-Allow-Origin "*"
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests Off
|
||||
ProxyPass / http://localhost:8080/ # replace port
|
||||
ProxyPassReverse / http://localhost:8080/ # replace port
|
||||
|
||||
SSLCertificateFile /etc/letsencrypt/live/mydomain.de/fullchain.pem # replace domain/path
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.de/privkey.pem # replace domain/path
|
||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/recipes_error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/recipes_access.log combined
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
```
|
||||
|
||||
If you're having issues with the example configuration above, you can try [beedaddy](https://github.com/TandoorRecipes/recipes/issues/1312#issuecomment-1015252663)'s example config.
|
||||
|
||||
!!!note
|
||||
Don't forget to [download and configure](#docker-compose) your ```.env``` file!
|
||||
|
||||
#### **Others**
|
||||
|
||||
If you use none of the above mentioned reverse proxies or want to use an existing one on your host machine (like a local nginx or Caddy), simply use the [Plain](#plain) setup above and change the outbound port to one of your liking.
|
||||
@ -213,3 +309,28 @@ configuration files for all user generated data (e.g. Postgresql and media files
|
||||
You can move everything to volumes if you prefer it this way, **but you cannot convert the nginx config file to a bind
|
||||
mount.**
|
||||
If you do so you will have to manually create the nginx config file and restart the container once after creating it.
|
||||
|
||||
### **Required Headers**
|
||||
|
||||
Please be sure to supply all required headers in your nginx/Apache/Caddy/... configuration!
|
||||
|
||||
nginx:
|
||||
```nginx
|
||||
location / {
|
||||
proxy_set_header Host $http_host; # try $host instead if this doesn't work
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://127.0.0.1:8080; # replace port
|
||||
proxy_redirect http://127.0.0.1:8080 https://recipes.domain.tld; # replace port and domain
|
||||
}
|
||||
```
|
||||
|
||||
Apache:
|
||||
```apache
|
||||
RequestHeader set X-Forwarded-Proto "https"
|
||||
Header always set Access-Control-Allow-Origin "*"
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests Off
|
||||
ProxyPass / http://localhost:8080/ # replace port
|
||||
ProxyPassReverse / http://localhost:8080/ # replace port
|
||||
```
|
||||
Loading…
Reference in New Issue
Block a user