From 0f7352e2667a1b2970b53bd80bd12e622d6b5222 Mon Sep 17 00:00:00 2001 From: gkp1 Date: Sun, 18 Jan 2026 02:21:56 -0300 Subject: [PATCH] Add working example for reverse proxy + docker AND nginx with cloudflare proxy + show real ip configs --- .../basic-docker-compose/copyparty.conf | 8 +++++ .../basic-docker-compose/docker-compose.yml | 2 +- .../basic-docker-compose/nginx-example.nginx | 36 +++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 docs/examples/docker/basic-docker-compose/nginx-example.nginx diff --git a/docs/examples/docker/basic-docker-compose/copyparty.conf b/docs/examples/docker/basic-docker-compose/copyparty.conf index 0a01498f..507e3338 100644 --- a/docs/examples/docker/basic-docker-compose/copyparty.conf +++ b/docs/examples/docker/basic-docker-compose/copyparty.conf @@ -8,6 +8,14 @@ e2ts # enable multimedia indexing ansi # enable colors in log messages (both in logfiles and stdout) + # If using a reverse proxy: + # rproxy: -1 # Tell cpp we are behind 1 proxy + # xff-src: 10.0.0.0/8 # Trust connections from Docker Gateway (10.0.2.1) + # If also using cloudflare DNS with proxy: (also keep the 2 configs above enabled/uncommented!) + # (see a full working nginx file example to use domain name + https + cloudflare in docs/examples/docker/basic-docker-compose) + # xff-hdr: x-forwarded-for # Read the real IP from this header + + # q, lo: /cfg/log/%Y-%m%d.log # log to file instead of docker # p: 3939 # listen on another port diff --git a/docs/examples/docker/basic-docker-compose/docker-compose.yml b/docs/examples/docker/basic-docker-compose/docker-compose.yml index d75d3117..afd41ca0 100644 --- a/docs/examples/docker/basic-docker-compose/docker-compose.yml +++ b/docs/examples/docker/basic-docker-compose/docker-compose.yml @@ -6,7 +6,7 @@ services: container_name: copyparty user: "1000:1000" ports: - - 3923:3923 + - 3923:3923 # use 127.0.0.1:3923:3923 if you want to listen locally only (ideal if you're using a domain + reverse proxy) volumes: - ./:/cfg:z - /path/to/your/fileshare/top/folder:/w:z diff --git a/docs/examples/docker/basic-docker-compose/nginx-example.nginx b/docs/examples/docker/basic-docker-compose/nginx-example.nginx new file mode 100644 index 00000000..634c22a5 --- /dev/null +++ b/docs/examples/docker/basic-docker-compose/nginx-example.nginx @@ -0,0 +1,36 @@ +# 1. create this file: nano /etc/nginx/sites-available/example.mydomain.com +# 2. activate with symlink: ln -s /etc/nginx/sites-available/example.mydomain.com /etc/nginx/sites-enabled/ +# 3. test config: nginx -t +# 4. reload nginx: systemctl reload nginx +# 5. run certbot: certbot --nginx + +server { + listen 80; + listen [::]:80; + server_name example.mydomain.com; # <--- REPLACE THIS + + # ---------------------------------------------------------------------- + # NOTE: When you run 'certbot --nginx', it will automatically: + # 1. Change 'listen 80' to 'listen 443 ssl' + # 2. Insert the SSL certificate paths + # 3. Create a NEW server block for port 80 at the bottom to redirect HTTP -> HTTPS + # ---------------------------------------------------------------------- + + # Allow unlimited upload size (just compat for specific basic clients, curl etc) + client_max_body_size 0; + + location / { + proxy_pass http://127.0.0.1:3923; # <--- REPLACE PORT IF NEEDED + + # Connection Headers + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; # Better compatibility than hardcoded "Keep-Alive" + + # IP Forwarding Headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} \ No newline at end of file