From 0f7352e2667a1b2970b53bd80bd12e622d6b5222 Mon Sep 17 00:00:00 2001
From: gkp1 <gianpmastrocola@gmail.com>
Date: Sun, 18 Jan 2026 02:21:56 -0300
Subject: [PATCH 1/3] Add working example for reverse proxy + docker AND nginx
 with cloudflare proxy + show real ip configs

---
 .../basic-docker-compose/copyparty.conf       |  8 +++++
 .../basic-docker-compose/docker-compose.yml   |  2 +-
 .../basic-docker-compose/nginx-example.nginx  | 36 +++++++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 docs/examples/docker/basic-docker-compose/nginx-example.nginx

diff --git a/docs/examples/docker/basic-docker-compose/copyparty.conf b/docs/examples/docker/basic-docker-compose/copyparty.conf
index 0a01498f..507e3338 100644
--- a/docs/examples/docker/basic-docker-compose/copyparty.conf
+++ b/docs/examples/docker/basic-docker-compose/copyparty.conf
@@ -8,6 +8,14 @@
   e2ts   # enable multimedia indexing
   ansi   # enable colors in log messages (both in logfiles and stdout)
 
+  # If using a reverse proxy: 
+  # rproxy: -1                  # Tell cpp we are behind 1 proxy
+  # xff-src: 10.0.0.0/8         # Trust connections from Docker Gateway (10.0.2.1)
+  # If also using cloudflare DNS with proxy:   (also keep the 2 configs above enabled/uncommented!) 
+  # (see a full working nginx file example to use domain name + https + cloudflare in docs/examples/docker/basic-docker-compose)
+  # xff-hdr: x-forwarded-for     # Read the real IP from this header
+
+
   # q, lo: /cfg/log/%Y-%m%d.log   # log to file instead of docker
 
   # p: 3939          # listen on another port
diff --git a/docs/examples/docker/basic-docker-compose/docker-compose.yml b/docs/examples/docker/basic-docker-compose/docker-compose.yml
index d75d3117..afd41ca0 100644
--- a/docs/examples/docker/basic-docker-compose/docker-compose.yml
+++ b/docs/examples/docker/basic-docker-compose/docker-compose.yml
@@ -6,7 +6,7 @@ services:
     container_name: copyparty
     user: "1000:1000"
     ports:
-      - 3923:3923
+      - 3923:3923 # use 127.0.0.1:3923:3923 if you want to listen locally only (ideal if you're using a domain + reverse proxy)
     volumes:
       - ./:/cfg:z
       - /path/to/your/fileshare/top/folder:/w:z
diff --git a/docs/examples/docker/basic-docker-compose/nginx-example.nginx b/docs/examples/docker/basic-docker-compose/nginx-example.nginx
new file mode 100644
index 00000000..634c22a5
--- /dev/null
+++ b/docs/examples/docker/basic-docker-compose/nginx-example.nginx
@@ -0,0 +1,36 @@
+# 1. create this file:         nano /etc/nginx/sites-available/example.mydomain.com
+# 2. activate with symlink:    ln -s /etc/nginx/sites-available/example.mydomain.com /etc/nginx/sites-enabled/
+# 3. test config:              nginx -t
+# 4. reload nginx:             systemctl reload nginx
+# 5. run certbot:              certbot --nginx
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name example.mydomain.com;  # <--- REPLACE THIS
+
+    # ----------------------------------------------------------------------
+    # NOTE: When you run 'certbot --nginx', it will automatically:
+    # 1. Change 'listen 80' to 'listen 443 ssl'
+    # 2. Insert the SSL certificate paths
+    # 3. Create a NEW server block for port 80 at the bottom to redirect HTTP -> HTTPS
+    # ----------------------------------------------------------------------
+
+    # Allow unlimited upload size (just compat for specific basic clients, curl etc)
+    client_max_body_size 0;
+
+    location / {
+        proxy_pass http://127.0.0.1:3923; # <--- REPLACE PORT IF NEEDED
+
+        # Connection Headers
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade"; # Better compatibility than hardcoded "Keep-Alive"
+
+        # IP Forwarding Headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
\ No newline at end of file

From c16e6b5057a9aacfaf15bbe48a08ce0cc1612a58 Mon Sep 17 00:00:00 2001
From: "Gian P." <63517877+gkp1@users.noreply.github.com>
Date: Sun, 18 Jan 2026 04:29:28 -0300
Subject: [PATCH 2/3] Delete bad example
 docs/examples/docker/basic-docker-compose/nginx-example.nginx

Signed-off-by: Gian P. <63517877+gkp1@users.noreply.github.com>
---
 .../basic-docker-compose/nginx-example.nginx  | 36 -------------------
 1 file changed, 36 deletions(-)
 delete mode 100644 docs/examples/docker/basic-docker-compose/nginx-example.nginx

diff --git a/docs/examples/docker/basic-docker-compose/nginx-example.nginx b/docs/examples/docker/basic-docker-compose/nginx-example.nginx
deleted file mode 100644
index 634c22a5..00000000
--- a/docs/examples/docker/basic-docker-compose/nginx-example.nginx
+++ /dev/null
@@ -1,36 +0,0 @@
-# 1. create this file:         nano /etc/nginx/sites-available/example.mydomain.com
-# 2. activate with symlink:    ln -s /etc/nginx/sites-available/example.mydomain.com /etc/nginx/sites-enabled/
-# 3. test config:              nginx -t
-# 4. reload nginx:             systemctl reload nginx
-# 5. run certbot:              certbot --nginx
-
-server {
-    listen 80;
-    listen [::]:80;
-    server_name example.mydomain.com;  # <--- REPLACE THIS
-
-    # ----------------------------------------------------------------------
-    # NOTE: When you run 'certbot --nginx', it will automatically:
-    # 1. Change 'listen 80' to 'listen 443 ssl'
-    # 2. Insert the SSL certificate paths
-    # 3. Create a NEW server block for port 80 at the bottom to redirect HTTP -> HTTPS
-    # ----------------------------------------------------------------------
-
-    # Allow unlimited upload size (just compat for specific basic clients, curl etc)
-    client_max_body_size 0;
-
-    location / {
-        proxy_pass http://127.0.0.1:3923; # <--- REPLACE PORT IF NEEDED
-
-        # Connection Headers
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade"; # Better compatibility than hardcoded "Keep-Alive"
-
-        # IP Forwarding Headers
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-}
\ No newline at end of file

From 2570dd5cce047df3b9294e7622c617a7ffd8481d Mon Sep 17 00:00:00 2001
From: "Gian P." <63517877+gkp1@users.noreply.github.com>
Date: Sun, 18 Jan 2026 04:48:58 -0300
Subject: [PATCH 3/3] should be enabled by default with docker setup

Uncomment rproxy and xff-src settings for proxy configuration.

Signed-off-by: Gian P. <63517877+gkp1@users.noreply.github.com>
---
 docs/examples/docker/basic-docker-compose/copyparty.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/examples/docker/basic-docker-compose/copyparty.conf b/docs/examples/docker/basic-docker-compose/copyparty.conf
index 507e3338..3590c1e4 100644
--- a/docs/examples/docker/basic-docker-compose/copyparty.conf
+++ b/docs/examples/docker/basic-docker-compose/copyparty.conf
@@ -9,8 +9,8 @@
   ansi   # enable colors in log messages (both in logfiles and stdout)
 
   # If using a reverse proxy: 
-  # rproxy: -1                  # Tell cpp we are behind 1 proxy
-  # xff-src: 10.0.0.0/8         # Trust connections from Docker Gateway (10.0.2.1)
+   rproxy: -1                  # Tell cpp we are behind 1 proxy
+   xff-src: 10.0.0.0/8         # Trust connections from Docker Gateway (10.0.2.1)
   # If also using cloudflare DNS with proxy:   (also keep the 2 configs above enabled/uncommented!) 
   # (see a full working nginx file example to use domain name + https + cloudflare in docs/examples/docker/basic-docker-compose)
   # xff-hdr: x-forwarded-for     # Read the real IP from this header