Skip to content

Reverse proxy setup

Securing your bot with SSL/TLS encryption is strongly recommended.

To do this, you need:

  1. An FQDN (e.g. example.com)
  2. To set up a web server as a reverse proxy

Tip

If your bot is running on a supported port, you can use Cloudflare's Proxy and free SSL/TLS instead.

If you already have a domain and know how to create an HTTPS proxy, you can safely skip this page. If not, there are several options available:

Traefik Nginx Caddy PebbleHost
Difficulty Most difficult Moderate Easy Easy
Bot installations Docker only Any Any PebbleHost only

Make sure you set the bot's HTTP_TRUST_PROXY environment variable to true.

If you already have Caddy running, update your existing configuration and use caddy reload instead.

First, install Caddy, then create a Caddyfile:

Caddyfile
1
2
3
tickets.example.com {
    reverse_proxy 127.0.0.1:8169
}

Now start Caddy:

1
sudo caddy start

Nginx

Community guides

Configuration

This example will proxy traffic from http://tickets.example.com to your bot. To secure the connection, refer to the guides linked above.

/etc/nginx/sites-available/tickets.example.com
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
server {
    listen 80;
    listen [::]:80;(1)

    server_name tickets.example.com;(2)

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:8169;(3)
    }
}
  1. Remove this line if you don't have IPv6 networking.
  2. Replace this with the FQDN that you set in your bot's HTTP_EXTERNAL environment variable.
  3. Change the port to match your bot's HTTP_PORT environment variable. Also, change the IP address if the bot is running on a different server.

Traefik

Documentation

Configuration

This example shows the additions you may need to make to your docker-compose.yml file to configure Traefik. After installing and configuring Traefik (referring to the documentation linked above), change the highlighted values to match your configuration.

This example shows the configuration you may need to add to the bot service & router in exemple docker-compose.yml file. Refer to the documentation linked above for more information.

docker-compose.yml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
version: "3.9"

services:
  mysql:
    #(...)
  bot:
    #(...)
    networks:
      - discord-tickets
      - traefik_network # (1)!
    #(...)
  env:
    #(...)
      HTTP_TRUST_PROXY: "true" # (2)!
    labels:
      - "traefik.enable=true" # (3)!
      - "traefik.docker.network=traefik_network" # (4)!
      - "traefik.http.routers.tickets.entrypointswebsecure" # (5)!
      - "traefik.http.routers.tickets.rule=Host(`tickets.example.com`)" # (6)!
      - "traefik.http.services.tickets.loadbalancer.server.port=8169" # (7)!

networks:
  discord-tickets:
  traefik_network: # (1)!
    external: true
#(...)
  1. Replace the traefik_network by the network used by traefik to reverse_proxy & loadbalancing your services
  2. Set to true if you're using a reverse proxy
  3. Enables Traefik for this container
  4. Optional but recommended, tells Traefik which Docker network to use
  5. Tells Traefik the entrypoint to use, make it correspond to the one you've set on Traefik's configuration
  6. Replace tickets.example.com with your FQDN
  7. Tells traefik to fetch discord tickets on 8169 port

PebbleHost

Comments