Setting Up with a Reverse Proxy
This application supports both direct access and running behind a reverse proxy with authentication. The mode is controlled by the ENABLE_PROXY environment variable.
Configuration Options
Direct Access Mode (default)
When ENABLE_PROXY=false (default), the application:
- Expects direct access via IP:port
- Uses non-secure cookies (suitable for HTTP)
- Relies only on the built-in authentication
Example docker-compose.yml for direct access:
```yaml
services:
  mailcow-alias-manager:
    build: .
    restart: unless-stopped
    environment:
      - FLASK_PORT=5142
      - ENABLE_PROXY=false
    volumes:
      - ./data:/app/data
    ports:
      - "5142:5142"
```
Proxy Mode
When ENABLE_PROXY=true, the application:
- Is configured to work behind a reverse proxy
- Uses secure cookies (requires HTTPS)
- Can integrate with authentication providers like Authelia
Example docker-compose.yml for proxy access:
```yaml
services:
  mailcow-alias-manager:
    build: .
    restart: unless-stopped
    environment:
      - FLASK_PORT=5142
      - ENABLE_PROXY=true
    volumes:
      - ./data:/app/data
    # No ports exposed - access only through proxy
    networks:
      - proxy-network
```
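A pre-deployment check for the two modes above, as an added example that is not part of the project: it reads a compose file in the list-style layout used on this page and flags a service that sets ENABLE_PROXY=true while still publishing ports, which leaves the application reachable without the proxy and its authentication. The function names and the sample file are constructed for illustration.

```python
import re

def parse_services(text):
    """Minimal reader for the compose layout shown on this page (not a full YAML parser)."""
    services, in_services, svc_indent, svc, key = {}, False, None, None, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()       # drop comments
        if not line.strip():
            continue
        indent, item = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:                                      # top-level key
            in_services, svc_indent = (item == "services:"), None
        elif in_services:
            svc_indent = svc_indent or indent                # indentation of service names
            if indent == svc_indent:                         # a new service starts
                svc, key = services.setdefault(item.rstrip(":"), {"environment": {}, "ports": []}), None
            elif item.startswith("- "):                      # list entry under the current key
                value = item[2:].strip().strip("\"'")
                if key == "environment" and "=" in value:
                    svc["environment"].update([value.split("=", 1)])
                elif key == "ports":
                    svc["ports"].append(value)
            else:
                key = item.split(":", 1)[0]                  # service-level key, e.g. ports
    return services

def audit(text):
    """Return {service: [findings]} for the two modes the page documents."""
    report = {}
    for name, svc in parse_services(text).items():
        # ENABLE_PROXY defaults to false, as stated on the page
        proxy = svc["environment"].get("ENABLE_PROXY", "false").lower() == "true"
        issues = []
        if proxy and svc["ports"]:
            issues.append("proxy mode with published ports: reachable without the proxy")
        if not proxy and not svc["ports"]:
            issues.append("direct mode without ports: cookies not Secure if proxied")
        report[name] = issues
    return report

# Constructed sample: a proxy-mode file with the direct-mode port mapping left in.
LEFTOVER_PORT = """services:
  mailcow-alias-manager:
    environment:
      - ENABLE_PROXY=true
    ports:
      - "5142:5142"
"""
if __name__ == "__main__":
    print(audit(LEFTOVER_PORT))
```

An empty list for a service means its `ENABLE_PROXY` value and port mapping agree with one of the two documented modes.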
Setting Up with Nginx
Here's a basic Nginx configuration for proxying to the application:
```nginx
server {
    listen 443 ssl;
    server_name alias.example.com;

    # SSL configuration
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://mailcow-alias-manager:5142;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
Setting Up with Zoraxy or Traefik
For Zoraxy or Traefik, make sure to:
- Set ENABLE_PROXY=true in your container environment
- Configure the proxy to forward authentication headers if using an authentication provider
- Set up the appropriate redirect URLs
Debugging
When running behind a proxy, use the following endpoints for debugging:
- /debug - Shows detailed request information
- /authelia-test - Tests Authelia header forwarding
- /health - Shows basic health and authentication status