Skip to content

Running behind a reverse proxy

Jump to bottom
Dima Krasner edited this page Feb 20, 2024 · 4 revisions
  • Run tootik with -plain, so it speaks HTTP and the reverse proxy handles TLS.
    • Ensure the reverse proxy uses a valid TLS certificate
  • Use -addr (i.e. -addr 127.0.0.1:8080) to specify the port used by tootik's HTTP listener.
  • Use -domain to specify the external host and port combination other servers use to talk to your instance:
    • If tootik runs on example.com with -addr 127.0.0.1:8080 -plain with a reverse proxy on port 443, pass -domain example.com
    • If tootik runs on example.com with -addr 127.0.0.1:8080 -plain with a reverse proxy on port 8443, pass -domain example.com:8443
  • Forward requests from the reverse proxy to tootik.
    • Preserve the Signature header when forwarding POST requests to /inbox/$user, otherwise tootik cannot validate incoming requests
    • Preserve the Collection-Synchronization header when forwarding POST requests to /inbox/$user if you want follower synchronization to work (recommended)
Clone this wiki locally