Skip to content

Reverse proxy configurations

mikespub edited this page Oct 16, 2024 · 4 revisions

Reverse Proxy Configurations

  1. Simple without subdirectory
  2. Simple with COPS accessible in "subdirectory"
  3. Complex with multiple entrypoints
  4. Debugging proxy configurations

Simple without subdirectory

flowchart LR
  client((Internet))
  proxy[Reverse Proxy\nhttps://cops.site.com/]
  cops[COPS\nhttp://127.0.0.1:8080/]
  client --> proxy --> cops
Loading

No change needed in config/local.php

If you want to enforce going via reverse proxy, specify cops_full_url in config/local.php:

// specify with full host url
$config['cops_full_url'] = 'https://cops.site.com/';

Simple with COPS accessible in "subdirectory"

flowchart LR
  client((Internet))
  proxy[Reverse Proxy\nhttps://www.site.com/cops/]
  cops[COPS\nhttp://127.0.0.1:8080/]
  client --> proxy --> cops
Loading

Specify cops_full_url in config/local.php:

// specify proxy prefix
$config['cops_full_url'] = '/cops/';
// or with full host url
//$config['cops_full_url'] = 'https://www.site.com/cops/';

Complex with multiple entrypoints

flowchart LR
  client((Internet))
  proxy[Reverse Proxy\nhttps://www.site.com/books/]
  cops[COPS\nhttp://172.18.0.2/]
  docker[Docker\nhttp://172.17.0.1/cops/]
  internal((Internal))
  direct((Direct))
  client --> proxy --> docker --> cops
  internal --> docker
  direct --> cops
Loading

a. Specify cops_trusted_proxies and cops_trusted_headers in config/local.php:

// specify trusted proxies (add as needed)
$config['cops_trusted_proxies'] = '172.18.0.1';
// specify trusted headers (adapt based on proxy configuration)
$config['cops_trusted_headers'] = ['x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-prefix'];

See https://symfony.com/doc/current/deployment/proxies.html for more information

b. Or add some logic in config/local.php to adapt cops_full_url based on server request:

if ($_SERVER['REMOTE_ADDR'] === '172.18.0.1') {
    $via = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? '';
    if ($via === 'www.site.com') {
        $config['cops_full_url'] = 'https://www.site.com/books/';
    } elseif ($via === '172.17.0.1') {
        $config['cops_full_url'] = 'http://172.17.0.1/cops/';
    }
}

Debugging proxy configurations

If you're not quite sure the reverse proxy configurations you made are doing what they're supposed to, have a look at the /checkconfig.php page, especially the section "Check if the base URL looks OK".

It will show you the base URL as seen by COPS locally, any cops_full_url you defined in config/local.php or the cops_trusted_proxies and cops_trusted_headers and their respective values that COPS received for that request