Reverse proxy configurations

Reverse Proxy Configurations

1. Simple without subdirectory
2. Simple with COPS accessible in "subdirectory"
3. Complex with multiple entrypoints

Simple without subdirectory

flowchart LR
  client((Internet))
  proxy[Reverse Proxy\nhttps://www.site.com/]
  cops[COPS\nhttp://127.0.0.1:8080/]
  client --> proxy --> cops

Loading

No change needed in config_local.php

Simple with COPS accessible in "subdirectory"

flowchart LR
  client((Internet))
  proxy[Reverse Proxy\nhttps://www.site.com/cops/]
  cops[COPS\nhttp://127.0.0.1:8080/]
  client --> proxy --> cops

Loading

Specify cops_full_url in config_local.php:

// specify proxy prefix
$config['cops_full_url'] = '/cops/';
// or with full host url
//$config['cops_full_url'] = 'https://www.site.com/cops/';

Complex with multiple entrypoints

flowchart LR
  client((Internet))
  proxy[Reverse Proxy\nhttps://www.site.com/books/]
  cops[COPS\nhttp://172.18.0.2/]
  docker[Docker\nhttp://172.17.0.1/cops/]
  internal((Internal))
  direct((Direct))
  client --> proxy --> docker --> cops
  internal --> docker
  direct --> cops

Loading

a. Specify cops_trusted_proxies and cops_trusted_headers in config_local.php:

// specify trusted proxies (add as needed)
$config['cops_trusted_proxies'] = '172.18.0.1';
// specify trusted headers (adapt based on proxy configuration)
$config['cops_trusted_headers'] = ['x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-prefix'];

See https://symfony.com/doc/current/deployment/proxies.html for more information

b. Or add some logic in config_local.php to adapt cops_full_url based on server request:

if ($_SERVER['REMOTE_ADDR'] === '172.18.0.1') {
    $via = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? '';
    if ($via === 'www.site.com') {
        $config['cops_full_url'] = 'https://www.site.com/books/';
    } elseif ($via === '172.17.0.1') {
        $config['cops_full_url'] = 'http://172.17.0.1/cops/';
    }
}