Add working example for reverse proxy + docker AND nginx with cloudflare proxy + show real ip configs

2026-02-27 05:53:11 -07:00 · 2026-01-18 02:21:56 -03:00 · 2026-01-18 02:21:56 -03:00 · 0f7352e266
parent d925553810
commit 0f7352e266
3 changed files with 45 additions and 1 deletions
--- a/docs/examples/docker/basic-docker-compose/copyparty.conf
+++ b/docs/examples/docker/basic-docker-compose/copyparty.conf
@ -8,6 +8,14 @@
  e2ts   # enable multimedia indexing
  ansi   # enable colors in log messages (both in logfiles and stdout)

+  # If using a reverse proxy: 
+  # rproxy: -1                  # Tell cpp we are behind 1 proxy
+  # xff-src: 10.0.0.0/8         # Trust connections from Docker Gateway (10.0.2.1)
+  # If also using cloudflare DNS with proxy:   (also keep the 2 configs above enabled/uncommented!) 
+  # (see a full working nginx file example to use domain name + https + cloudflare in docs/examples/docker/basic-docker-compose)
+  # xff-hdr: x-forwarded-for     # Read the real IP from this header
+
+
  # q, lo: /cfg/log/%Y-%m%d.log   # log to file instead of docker

  # p: 3939          # listen on another port
--- a/docs/examples/docker/basic-docker-compose/docker-compose.yml
+++ b/docs/examples/docker/basic-docker-compose/docker-compose.yml
@ -6,7 +6,7 @@ services:
    container_name: copyparty
    user: "1000:1000"
    ports:
-      - 3923:3923
+      - 3923:3923 # use 127.0.0.1:3923:3923 if you want to listen locally only (ideal if you're using a domain + reverse proxy)
    volumes:
      - ./:/cfg:z
      - /path/to/your/fileshare/top/folder:/w:z
--- a/docs/examples/docker/basic-docker-compose/nginx-example.nginx
+++ b/docs/examples/docker/basic-docker-compose/nginx-example.nginx
@ -0,0 +1,36 @@
+# 1. create this file:         nano /etc/nginx/sites-available/example.mydomain.com
+# 2. activate with symlink:    ln -s /etc/nginx/sites-available/example.mydomain.com /etc/nginx/sites-enabled/
+# 3. test config:              nginx -t
+# 4. reload nginx:             systemctl reload nginx
+# 5. run certbot:              certbot --nginx
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name example.mydomain.com;  # <--- REPLACE THIS
+
+    # ----------------------------------------------------------------------
+    # NOTE: When you run 'certbot --nginx', it will automatically:
+    # 1. Change 'listen 80' to 'listen 443 ssl'
+    # 2. Insert the SSL certificate paths
+    # 3. Create a NEW server block for port 80 at the bottom to redirect HTTP -> HTTPS
+    # ----------------------------------------------------------------------
+
+    # Allow unlimited upload size (just compat for specific basic clients, curl etc)
+    client_max_body_size 0;
+
+    location / {
+        proxy_pass http://127.0.0.1:3923; # <--- REPLACE PORT IF NEEDED
+
+        # Connection Headers
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade"; # Better compatibility than hardcoded "Keep-Alive"
+
+        # IP Forwarding Headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}