Reverse proxy setup¶

Securing your bot with SSL/TLS encryption is strongly recommended.

To do this, you need:

An FQDN (e.g. example.com)
To set up a web server as a reverse proxy

Tip

If your bot is running on a supported port, you can use Cloudflare's Proxy and free SSL/TLS instead.

If you already have a domain and know how to create an HTTPS proxy, you can safely skip this page. If not, there are several options available:

	Traefik	Nginx	Caddy	PebbleHost
Difficulty	Most difficult	Moderate	Easy	Easy
Bot installations	Docker only	Any	Any	PebbleHost only

Make sure you set the bot's HTTP_TRUST_PROXY environment variable to true.

Caddy 2 (recommended)¶

If you already have Caddy running, update your existing configuration and use caddy reload instead.

First, install Caddy, then create a Caddyfile:

Caddyfile
tickets.example.com {
    reverse_proxy 127.0.0.1:8169
}

Now start Caddy:

1	`sudo caddy start`

Nginx¶

Community guides¶

Nginx installation

How to install Nginx on various Linux distributions.

DigitalOcean Community
Securing Nginx

How to secure Nginx with Let's Encrypt on various Linux distributions.

DigitalOcean Community

Configuration¶

This example will proxy traffic from http://tickets.example.com to your bot. To secure the connection, refer to the guides linked above.

/etc/nginx/sites-available/tickets.example.com
server {
    listen 80;
    listen [::]:80;

    server_name tickets.example.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:8169;
    }
}

Traefik¶

Documentation¶

Traefik quick start

A quick start guide to adding Traefik to your existing docker-compose.yml file.

Traefik Documentation
Traefik configuration

How to use Traefik with Docker Compose.

Traefik Documentation

Configuration¶

This example shows the additions you may need to make to your docker-compose.yml file to configure Traefik. After installing and configuring Traefik (referring to the documentation linked above), change the highlighted values to match your configuration.

This example shows the configuration you may need to add to the bot service & router in example docker-compose.yml file. Refer to the documentation linked above for more information.

docker-compose.yml
version: "3.9"

services:
  mysql:
    #(...)
  bot:
    #(...)
    networks:
      - discord-tickets
      - traefik_network 

    #(...)
  env:
    #(...)
      HTTP_TRUST_PROXY: "true" 
    labels:
      - "traefik.enable=true" 
      - "traefik.docker.network=traefik_network" 
      - "traefik.http.routers.tickets.entrypointswebsecure" 
      - "traefik.http.routers.tickets.rule=Host(`tickets.example.com`)" 
      - "traefik.http.services.tickets.loadbalancer.server.port=8169" 

networks:
  discord-tickets:
  traefik_network: 
    external: true
#(...)

PebbleHost¶

PebbleHost Reverse Proxy

How to set up a reverse proxy on PebbleHost.

PebbleHost Knowledgebase

Reverse proxy setup¶

Caddy 2 (recommended)¶

Nginx¶

Community guides¶

Configuration¶

Traefik¶

Documentation¶

Configuration¶

PebbleHost¶

Comments

Let's compare