Reverse proxy setup¶

Securing your bot with SSL/TLS encryption is strongly recommended.

To do this, you need:

An FQDN (e.g. example.com)
To set up a web server as a reverse proxy

Tip

If your bot is running on a supported port, you can use Cloudflare's Proxy and free SSL/TLS instead.

If you already have a domain and know how to create an HTTPS proxy, you can safely skip this page. If not, there are several options available:

	Traefik	Nginx	Caddy	PebbleHost
Difficulty	Most difficult	Moderate	Easy	Easy
Bot installations	Docker only	Any	Any	PebbleHost only

Make sure you set the bot's HTTP_TRUST_PROXY environment variable to true.

Caddy 2 (recommended)¶

If you already have Caddy running, update your existing configuration and use caddy reload instead.

First, install Caddy, then open the Caddyfile and edit the domain.

Caddyfile
tickets.example.com {
    reverse_proxy 127.0.0.1:8169
}

Now start Caddy:

1	`sudo caddy start`

Nginx¶

Community guides¶

Nginx installation

How to install Nginx on various Linux distributions.

DigitalOcean Community
Securing Nginx

How to secure Nginx with Let's Encrypt on various Linux distributions.

DigitalOcean Community

Configuration¶

This example will proxy traffic from http://tickets.example.com to your bot. To secure the connection, refer to the guides linked above.

/etc/nginx/sites-available/tickets.example.com
server {
    listen 80;
    listen [::]:80;(1)

    server_name tickets.example.com;(2)

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:8169;(3)
    }
}

Remove this line if you don't have IPv6 networking.
Replace this with the FQDN that you set in your bot's HTTP_EXTERNAL environment variable.
Change the port to match your bot's HTTP_PORT environment variable. Also, change the IP address if the bot is running on a different server.

Traefik¶

Documentation¶

Traefik quick start

A quick start guide to adding Traefik to your existing docker-compose.yml file.

Traefik Documentation
Traefik configuration

How to use Traefik with Docker Compose.

Traefik Documentation

Configuration¶

This example shows the labels you may need to add to the bot service in your docker-compose.yml file. Refer to the documentation linked above for more information.

docker-compose.yml

labels:
  - "traefik.enable=true"
  - "traefik.docker.network=traefik_network"
  - "traefik.http.routers.tickets.entrypoints=websecure"
  - "traefik.http.routers.tickets.rule=Host(`tickets.example.com`)"
  - "traefik.http.services.tickets.loadbalancer.server.port=8169"

PebbleHost¶

PebbleHost Reverse Proxy

How to set up a reverse proxy on PebbleHost.

PebbleHost Knowledgebase

Reverse proxy setup¶

Caddy 2 (recommended)¶

Nginx¶

Community guides¶

Configuration¶

Traefik¶

Documentation¶

Configuration¶

PebbleHost¶

Comments

Let's compare