# Setting Up with a Reverse Proxy

This application supports both direct access and running behind a reverse proxy with authentication. The mode is controlled by the `ENABLE_PROXY` environment variable.

## Configuration Options

### Direct Access Mode (default)

When `ENABLE_PROXY=false` (default), the application:

- Expects direct access via IP:port
- Uses non-secure cookies (no `Secure` flag, so they also work over plain HTTP)
- Relies only on the built-in authentication

Example docker-compose.yml for direct access:
```yaml
services:
  mailcow-alias-manager:
    build: .
    restart: unless-stopped
    environment:
      - FLASK_PORT=5142
      - ENABLE_PROXY=false
    volumes:
      - ./data:/app/data
    ports:
      - "5142:5142"
```

### Proxy Mode

When `ENABLE_PROXY=true`, the application:

- Is configured to work behind a reverse proxy
- Uses secure cookies (`Secure` flag set, so the browser only sends them over HTTPS)
- Can integrate with authentication providers like Authelia

Example docker-compose.yml for proxy access:
```yaml
services:
  mailcow-alias-manager:
    build: .
    restart: unless-stopped
    environment:
      - FLASK_PORT=5142
      - ENABLE_PROXY=true
    volumes:
      - ./data:/app/data
    # No ports exposed - access only through proxy
    networks:
      - proxy-network

# Compose requires the network to be declared at the top level.
# Assumption: proxy-network is created by the reverse proxy's own stack.
networks:
  proxy-network:
    external: true
```

## Setting Up with Nginx

Here's a basic Nginx configuration for proxying to the application:

```nginx
server {
    listen 443 ssl;
    server_name alias.example.com;

    # SSL configuration
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://mailcow-alias-manager:5142;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
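
The Nginx configuration above forwards `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Real-IP`; on the application side these should be honoured only when the connection really comes from the proxy. The following is an added example, not the project's own code: a standard-library WSGI middleware that applies that rule. The subnet `172.18.0.0/16`, the handling of Authelia's `Remote-User` header, and the names `TrustedProxyMiddleware` and `effective_request` are assumptions.

```python
import ipaddress
import os

TRUSTED_PROXIES = ipaddress.ip_network("172.18.0.0/16")  # constructed: proxy's Docker subnet
PROXY_MODE = os.environ.get("ENABLE_PROXY", "false").lower() == "true"
# Headers only the proxy may set. Remote-User is Authelia's user header; that
# the application reads exactly these headers is an assumption.
PROXY_ONLY = ("HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED_PROTO",
              "HTTP_X_REAL_IP", "HTTP_REMOTE_USER")


class TrustedProxyMiddleware:
    """WSGI wrapper: honour proxy headers from a known proxy, drop them otherwise."""

    def __init__(self, app, enabled=PROXY_MODE, trusted=TRUSTED_PROXIES):
        self.app, self.enabled, self.trusted = app, enabled, trusted

    def _from_proxy(self, environ):
        try:
            return ipaddress.ip_address(environ.get("REMOTE_ADDR", "")) in self.trusted
        except ValueError:  # missing or malformed peer address
            return False

    def __call__(self, environ, start_response):
        if self.enabled and self._from_proxy(environ):
            # $proxy_add_x_forwarded_for appends the peer nginx saw, so only the
            # rightmost entry is proxy-written; earlier entries are client-supplied.
            hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
            if hops[-1]:
                environ["REMOTE_ADDR"] = hops[-1]
            if environ.get("HTTP_X_FORWARDED_PROTO") in ("http", "https"):
                environ["wsgi.url_scheme"] = environ["HTTP_X_FORWARDED_PROTO"]
        else:
            # Direct connection or direct-access mode: these headers are untrusted.
            for key in PROXY_ONLY:
                environ.pop(key, None)
        return self.app(environ, start_response)


def effective_request(environ, enabled=True):
    """Return (client_ip, scheme, user) as the wrapped application sees them."""
    seen = []
    def app(env, start_response):
        seen.append((env["REMOTE_ADDR"], env["wsgi.url_scheme"], env.get("HTTP_REMOTE_USER")))
        start_response("200 OK", [])
        return [b""]

    TrustedProxyMiddleware(app, enabled=enabled)(dict(environ), lambda status, headers: None)
    return seen[0]
```

In a Flask application the middleware would wrap `app.wsgi_app`.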

## Setting Up with Zoraxy or Traefik

For Zoraxy or Traefik, make sure to:

1. Set `ENABLE_PROXY=true` in your container environment
2. Configure the proxy to forward authentication headers if using an authentication provider
3. Set up the appropriate redirect URLs

## Debugging

When running behind a proxy, use the following endpoints for debugging:

- `/debug` - Shows detailed request information
- `/authelia-test` - Tests Authelia header forwarding
- `/health` - Shows basic health and authentication status