-
Notifications
You must be signed in to change notification settings - Fork 7
Reverse proxy configurations
- Simple without subdirectory
- Simple with COPS accessible in "subdirectory"
- Complex with multiple entrypoints
- Debugging proxy configurations
flowchart LR
client((Internet))
proxy[Reverse Proxy\nhttps://cops.site.com/]
cops[COPS\nhttp://127.0.0.1:8080/]
client --> proxy --> cops
No change needed in config/local.php
If you want to enforce going via reverse proxy, specify cops_full_url
in config/local.php
:
// specify with full host url
$config['cops_full_url'] = 'https://cops.site.com/';
flowchart LR
client((Internet))
proxy[Reverse Proxy\nhttps://www.site.com/cops/]
cops[COPS\nhttp://127.0.0.1:8080/]
client --> proxy --> cops
Specify cops_full_url
in config/local.php
:
// specify proxy prefix
$config['cops_full_url'] = '/cops/';
// or with full host url
//$config['cops_full_url'] = 'https://www.site.com/cops/';
flowchart LR
client((Internet))
proxy[Reverse Proxy\nhttps://www.site.com/books/]
cops[COPS\nhttp://172.18.0.2/]
docker[Docker\nhttp://172.17.0.1/cops/]
internal((Internal))
direct((Direct))
client --> proxy --> docker --> cops
internal --> docker
direct --> cops
a. Specify cops_trusted_proxies
and cops_trusted_headers
in config/local.php
:
// specify trusted proxies (add as needed)
$config['cops_trusted_proxies'] = '172.18.0.1';
// specify trusted headers (adapt based on proxy configuration)
$config['cops_trusted_headers'] = ['x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-prefix'];
See https://symfony.com/doc/current/deployment/proxies.html for more information
b. Or add some logic in config/local.php
to adapt cops_full_url
based on server request:
if ($_SERVER['REMOTE_ADDR'] === '172.18.0.1') {
$via = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? '';
if ($via === 'www.site.com') {
$config['cops_full_url'] = 'https://www.site.com/books/';
} elseif ($via === '172.17.0.1') {
$config['cops_full_url'] = 'http://172.17.0.1/cops/';
}
}
If you're not quite sure the reverse proxy configurations you made are doing what they're supposed to, have a look at the /checkconfig.php
page, especially the section "Check if the base URL looks OK".
It will show you the base URL as seen by COPS locally, any cops_full_url
you defined in config/local.php
or the cops_trusted_proxies
and cops_trusted_headers
and their respective values that COPS received for that request