working recipe using nginx

README.md

@@ -27,4 +27,4 @@
 6. Open the configured domain in your browser to finish set-up
 
 [`abra`]: https://git.coopcloud.tech/coop-cloud/abra
-[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
+[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik

compose.yml

@@ -12,8 +12,8 @@ services:
       # Traefik can't use HTTP2 to communicate with cryptpat_websocket
       # A workaroung is disabling HTTP2 in Nginx
       - "CPAD_HTTP2_DISABLE=true"
-      - "CPAD_REALIP_RECURSIVE=on"
+#      - "CPAD_REALIP_RECURSIVE=on"
-      - "CPAD_REALIP_HEADER=X-Real-Ip"
+#      - "CPAD_REALIP_HEADER=X-Real-Ip"
       - "CPAD_TRUST_PROXY=1"
       - "CPAD_CONF=/cryptpad/config/config.js"
 
@@ -72,7 +72,7 @@ services:
         - "traefik.docker.network=proxy"
         - "traefik.http.routers.${STACK_NAME}.tls=true"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8083"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}` `${SANDBOX_DOMAIN}` ${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`, `${SANDBOX_DOMAIN}` ${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
 

config.js.tmpl

@@ -46,8 +46,7 @@ module.exports = {
  *  cryptpad/docs/example.nginx.conf (see the $main_domain variable)
  *
  */
-    //httpUnsafeOrigin: 'https://{{ env "CPAD_MAIN_DOMAIN" }}',
+    httpUnsafeOrigin: 'https://{{ env "CPAD_MAIN_DOMAIN" }}',
-    httpUnsafeOrigin: 'http://localhost:3000',
 
 /*  httpSafeOrigin is the URL that is used for the 'sandbox' described above.
  *  If you're testing or developing with CryptPad on your local machine then
@@ -68,8 +67,7 @@ module.exports = {
  *
  *  CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
  */
-    //httpSafeOrigin: 'https://{{ env "CPAD_SANDBOX_DOMAIN" }}',
+    httpSafeOrigin: 'https://{{ env "CPAD_SANDBOX_DOMAIN" }}',
-    //httpSafeOrigin: 'http://localhost:3001',
 
 /*  httpAddress specifies the address on which the nodejs server
  *  should be accessible. By default it will listen on 127.0.0.1
@@ -77,7 +75,7 @@ module.exports = {
  *  all addresses, including IPv6, set this to '::'.
  *
  */
-    //httpAddress: '::',
+    httpAddress: '::',
 
 /*  httpPort specifies on which port the nodejs server should listen.
  *  By default it will serve content over port 3000, which is suitable

nginx.conf.tmpl

@@ -1,12 +1,3 @@
-upstream cryptpad_app {
-    server {{ env "STACK_NAME" }}_app:3000;
-}
-
-upstream cryptpad_ws {
-    #server {{ env "STACK_NAME" }}_app:3003;
-    server {{ env "STACK_NAME" }}_app:3000;
-}
-
 server {
     listen 8083;
     server_name localhost;
@@ -18,7 +9,7 @@ server {
 
     # Main CryptPad app
     location / {
-        proxy_pass http://cryptpad_app;
+        proxy_pass http://{{ env "STACK_NAME" }}_app:3000;
 
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -34,7 +25,7 @@ server {
 
     # WebSocket endpoint
     location ^~ /cryptpad_websocket {
-        proxy_pass http://cryptpad_ws;
+        proxy_pass http://{{ env "STACK_NAME" }}_app:3003;
 
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;