gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-10-19 22:58:52 +02:00
Code Issues Actions 119 Packages Projects Releases Wiki Activity

docs(user): mention reverse proxy config (closes #4910)

Browse Source
This commit is contained in:
Elian Doran 2025-10-13 18:32:02 +03:00
parent 36f5060855
commit 296b63d855
No known key found for this signature in database
12 changed files with 311 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/server/src/assets/doc_notes/en/User Guide/!!!meta.json generated vendored
View File

File diff suppressed because one or more lines are too long

72
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Apache using Docker.html generated vendored Normal file
View File

@ -0,0 +1,72 @@
<p>This tutorial assumes that you have created a DNS A record for <code>trilium.yourdomain.com</code> that
you want to use for your Trilium server.</p>
<h2>Docker setup</h2>
<p>Download docker image and create container</p><pre><code class="language-text-x-trilium-auto"> docker pull triliumnext/trilium:[VERSION]
docker create --name trilium -t -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]</code></pre>
<h2>Configuring the Apache proxy</h2>
<ol>
<li data-list-item-id="edcf1e8eaf68f39ab3b02a563d23ffca4">
<p>Enable apache proxy modules</p><pre><code class="language-text-x-trilium-auto"> a2enmod ssl
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel</code></pre>
</li>
<li data-list-item-id="e8c39c3bc1f275514ef6048afaaf707e7">
<p>Create a new let's encrypt certificate</p><pre><code class="language-text-x-trilium-auto"> sudo certbot certonly -d trilium.mydomain.com</code></pre>
<p>Choose standalone (2) and note the location of the created certificates
(typically /etc/letsencrypt/live/...)</p>
</li>
<li data-list-item-id="ed3cea3c4b554b37a54b09e4a4a6bcfae">
<p>Create a new virtual host file for apache (you may want to use <code>apachectl -S</code> to
determine the server root location, mine is /etc/apache2)</p><pre><code class="language-text-x-trilium-auto"> sudo nano /etc/apache2/sites-available/trilium.yourdomain.com.conf</code></pre>
<p>Paste (and customize) the following text into the configuration file</p><pre><code class="language-text-x-trilium-auto">
ServerName http://trilium.yourdomain.com
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ServerName https://trilium.yourdomain.com
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
SSLCertificateFile /etc/letsencrypt/live/trilium.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/trilium.yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</code></pre>
</li>
<li data-list-item-id="e5a7a78cf9d2aa51813ce21a9ca555c4d">Enable the virtual host with <code>sudo a2ensite trilium.yourdomain.com.conf</code>
</li>
<li data-list-item-id="eb0b41c876bcaf500601a725234c482e9">Reload apache2 with <code>sudo systemctl reload apache2</code>
</li>
</ol>
<h2>Configuring the trusted proxy</h2>
<p>After setting up a reverse proxy, make sure to configure the&nbsp;<a class="reference-link"
href="#root/vcjrb3VVYPZI/_help_LLzSMXACKhUs">Trusted proxy</a>.</p>
<h2>Setup the systemd service to start up the server</h2>
<p>Create and enable a systemd service to start the docker container on boot</p>
<ol>
<li data-list-item-id="e45d86d557e5197177815a90dfbbbae2c">
<p>Create a new empty file called <code>/lib/systemd/system/trilium.service</code> with
the contents</p><pre><code class="language-text-x-trilium-auto"> [Unit]
Description=Trilium Server
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a trilium
ExecStop=/usr/bin/docker stop -t 2 trilium
[Install]
WantedBy=local.target</code></pre>
</li>
<li data-list-item-id="efec9f13630080d6bc681f447d077c43c">
<p>Install, enable and start service</p><pre><code class="language-text-x-trilium-auto"> sudo systemctl daemon-reload
sudo systemctl enable trilium.service
sudo systemctl start trilium.service</code></pre>
</li>
</ol>

79
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Apache.html generated vendored
View File

@ -1,79 +0,0 @@
<p>I've assumed you have created a DNS A record for <code>trilium.yourdomain.com</code> that
you want to use for your Trilium server.</p>
<ol>
<li>
<p>Download docker image and create container</p><pre><code class="language-text-x-trilium-auto"> docker pull triliumnext/trilium:[VERSION]
docker create --name trilium -t -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]</code></pre>
</li>
<li>
<p>Configure Apache proxy and websocket proxy</p>
<ol>
<li>
<p>Enable apache proxy modules</p><pre><code class="language-text-x-trilium-auto"> a2enmod ssl
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel</code></pre>
</li>
<li>
<p>Create a new let's encrypt certificate</p><pre><code class="language-text-x-trilium-auto"> sudo certbot certonly -d trilium.mydomain.com</code></pre>
<p>Choose standalone (2) and note the location of the created certificates
(typically /etc/letsencrypt/live/...)</p>
</li>
<li>
<p>Create a new virtual host file for apache (you may want to use <code>apachectl -S</code> to
determine the server root location, mine is /etc/apache2)</p><pre><code class="language-text-x-trilium-auto"> sudo nano /etc/apache2/sites-available/trilium.yourdomain.com.conf</code></pre>
<p>Paste (and customize) the following text into the configuration file</p><pre><code class="language-text-x-trilium-auto">
ServerName http://trilium.yourdomain.com
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ServerName https://trilium.yourdomain.com
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
SSLCertificateFile /etc/letsencrypt/live/trilium.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/trilium.yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</code></pre>
</li>
<li>
<p>Enable the virtual host with <code>sudo a2ensite trilium.yourdomain.com.conf</code>
</p>
</li>
<li>
<p>Reload apache2 with <code>sudo systemctl reload apache2</code>
</p>
</li>
</ol>
</li>
<li>
<p>Create and enable a systemd service to start the docker container on boot</p>
<ol>
<li>
<p>Create a new empty file called <code>/lib/systemd/system/trilium.service</code> with
the contents</p><pre><code class="language-text-x-trilium-auto"> [Unit]
Description=Trilium Server
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a trilium
ExecStop=/usr/bin/docker stop -t 2 trilium
[Install]
WantedBy=local.target</code></pre>
</li>
<li>
<p>Install, enable and start service</p><pre><code class="language-text-x-trilium-auto"> sudo systemctl daemon-reload
sudo systemctl enable trilium.service
sudo systemctl start trilium.service</code></pre>
</li>
</ol>
</li>
</ol>

30
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Nginx.html generated vendored
View File

@ -1,14 +1,14 @@
<p>Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.</p>
<ol>
<li>
<p>Configure Nginx proxy and HTTPS. The operating system here is Ubuntu.</p>
<h2>Installing Nginx</h2>
<p>Download Nginx and remove Apache2</p><pre><code class="language-text-x-trilium-auto">sudo apt-get install nginx
sudo apt-get remove apache2</code></pre>
</li>
<li>
<p>Create configure file</p><pre><code class="language-text-x-trilium-auto">cd /etc/nginx/conf.d
<h2>Build the configuration file</h2>
<ol>
<li data-list-item-id="e13e11a7fc322c075930e523e2c7aa4d9">
<p>First, create the configuration file:</p><pre><code class="language-text-x-trilium-auto">cd /etc/nginx/conf.d
vim default.conf</code></pre>
</li>
<li>
<li data-list-item-id="e4f78909eb8e972cb53763daa3fc69333">
<p>Fill the file with the context shown below, part of the setting show be
changed. Then you can enjoy your web with HTTPS forced and proxy.</p><pre><code class="language-text-x-trilium-auto"># This part configures, where your Trilium server is running
upstream trilium {
@ -48,14 +48,16 @@ server {
return 301 https://$server_name$request_uri;
}</code></pre>
</li>
<li>
</ol>
<h2>Serving under a different path</h2>
<p>Alternatively if you want to serve the instance under a different path
(useful e.g. if you want to serve multiple instances), update the location
block like so:</p>
<ul>
<li>update the location with your desired path (make sure to not leave a trailing
<li data-list-item-id="e332fd2d3d68c160e471759fa76c542c9">update the location with your desired path (make sure to not leave a trailing
slash "/", if your <code>proxy_pass</code> does not end on a slash as well)</li>
<li>add the <code>proxy_cookie_path</code> directive with the same path: this
<li
data-list-item-id="e48363402721bba6392ba9ff3f45b16b6">add the <code>proxy_cookie_path</code> directive with the same path: this
allows you to stay logged in at multiple instances at the same time.</li>
</ul><pre><code class="language-text-x-trilium-auto"> location /trilium/instance-one {
rewrite /trilium/instance-one/(.*) /$1 break;
@ -68,7 +70,7 @@ server {
proxy_pass http://trilium;
proxy_cookie_path / /trilium/instance-one
proxy_read_timeout 90;
}
</code></pre>
</li>
</ol>
}</code></pre>
<h2>Configuring the trusted proxy</h2>
<p>After setting up a reverse proxy, make sure to configure the&nbsp;<a class="reference-link"
href="#root/vcjrb3VVYPZI/_help_LLzSMXACKhUs">Trusted proxy</a>.</p>

12
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Trusted proxy.html generated vendored Normal file
View File

@ -0,0 +1,12 @@
<p>If you are running the Trilium server under a <a href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_vcjrb3VVYPZI">reverse proxy</a>,
it's important to configure it as a trusted proxy so that the application
can correctly identify the real IP address of the clients (for authentication
and rate limiting purposes).</p>
<p>To do so, simply modify&nbsp;<a class="reference-link" href="#root/pOsGYCXsbNQG/tC7s2alapj8V/_help_Gzjqa934BdH4">Configuration (config.ini or environment variables)</a>&nbsp;and
set:</p><pre><code class="language-text-x-trilium-auto">[Network]
trustedReverseProxy=true</code></pre>
<p>This will use the left-most IP in the <code>X-Forwarded-For</code> header.
Alternatively, instead of <code>true</code> use the IP address of the reverse
proxy or Express.js shortcuts such as:</p><pre><code class="language-text-x-trilium-auto">loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)</code></pre>
<p>For more information, consult <a href="https://expressjs.com/en/guide/behind-proxies.html">Express behind proxies</a>.</p>
<p>&nbsp;</p>

54
docs/User Guide/!!!meta.json vendored
View File

@ -747,6 +747,13 @@
"value": "nginx-proxy-setup",
"isInheritable": false,
"position": 10
},
{
"type": "relation",
"name": "internalLink",
"value": "LLzSMXACKhUs",
"isInheritable": false,
"position": 20
}
],
"format": "markdown",
@ -763,7 +770,7 @@
"vcjrb3VVYPZI",
"fDLvzOx29Pfg"
],
"title": "Apache",
"title": "Apache using Docker",
"notePosition": 20,
"prefix": null,
"isExpanded": false,
@ -776,10 +783,53 @@
"value": "apache-proxy-setup",
"isInheritable": false,
"position": 10
},
{
"type": "relation",
"name": "internalLink",
"value": "LLzSMXACKhUs",
"isInheritable": false,
"position": 20
}
],
"format": "markdown",
"dataFileName": "Apache.md",
"dataFileName": "Apache using Docker.md",
"attachments": []
},
{
"isClone": false,
"noteId": "LLzSMXACKhUs",
"notePath": [
"pOsGYCXsbNQG",
"Otzi9La2YAUX",
"WOcw2SLH6tbX",
"vcjrb3VVYPZI",
"LLzSMXACKhUs"
],
"title": "Trusted proxy",
"notePosition": 30,
"prefix": null,
"isExpanded": false,
"type": "text",
"mime": "text/html",
"attributes": [
{
"type": "relation",
"name": "internalLink",
"value": "vcjrb3VVYPZI",
"isInheritable": false,
"position": 10
},
{
"type": "relation",
"name": "internalLink",
"value": "Gzjqa934BdH4",
"isInheritable": false,
"position": 20
}
],
"format": "markdown",
"dataFileName": "Trusted proxy.md",
"attachments": []
}
]

2
docs/User Guide/User Guide/Installation & Setup/Server Installation.md vendored
View File

@ -76,4 +76,4 @@ client_max_body_size 0;
### Apache
For an Apache setup, refer to the [Apache proxy setup](Server%20Installation/2.%20Reverse%20proxy/Apache.md) guide.
For an Apache setup, refer to the [Apache proxy setup](Server%20Installation/2.%20Reverse%20proxy/Apache%20using%20Docker.md) guide.

2
docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.md vendored
View File

@ -109,7 +109,7 @@ If you want to run your instance in a non-default way, please use the volume swi
## Reverse Proxy
1. [Nginx](../2.%20Reverse%20proxy/Nginx.md)
2. [Apache](../2.%20Reverse%20proxy/Apache.md)
2. [Apache](../2.%20Reverse%20proxy/Apache%20using%20Docker.md)
### Note on --user Directive

91
docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Apache using Docker.md vendored Normal file
View File

@ -0,0 +1,91 @@
# Apache using Docker
This tutorial assumes that you have created a DNS A record for `trilium.yourdomain.com` that you want to use for your Trilium server.
## Docker setup
Download docker image and create container
```
docker pull triliumnext/trilium:[VERSION]
docker create --name trilium -t -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]
```
## Configuring the Apache proxy
1. Enable apache proxy modules
```
a2enmod ssl
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
```
2. Create a new let's encrypt certificate
```
sudo certbot certonly -d trilium.mydomain.com
```
Choose standalone (2) and note the location of the created certificates (typically /etc/letsencrypt/live/...)
3. Create a new virtual host file for apache (you may want to use `apachectl -S` to determine the server root location, mine is /etc/apache2)
```
sudo nano /etc/apache2/sites-available/trilium.yourdomain.com.conf
```
Paste (and customize) the following text into the configuration file
```
ServerName http://trilium.yourdomain.com
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ServerName https://trilium.yourdomain.com
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
SSLCertificateFile /etc/letsencrypt/live/trilium.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/trilium.yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
```
4. Enable the virtual host with `sudo a2ensite trilium.yourdomain.com.conf`
5. Reload apache2 with `sudo systemctl reload apache2`
## Configuring the trusted proxy
After setting up a reverse proxy, make sure to configure the <a class="reference-link" href="Trusted%20proxy.md">Trusted proxy</a>.
## Setup the systemd service to start up the server
Create and enable a systemd service to start the docker container on boot
1. Create a new empty file called `/lib/systemd/system/trilium.service` with the contents
```
[Unit]
Description=Trilium Server
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a trilium
ExecStop=/usr/bin/docker stop -t 2 trilium
[Install]
WantedBy=local.target
```
2. Install, enable and start service
```
sudo systemctl daemon-reload
sudo systemctl enable trilium.service
sudo systemctl start trilium.service
```

81
docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Apache.md vendored
View File

@ -1,81 +0,0 @@
# Apache
I've assumed you have created a DNS A record for `trilium.yourdomain.com` that you want to use for your Trilium server.
1. Download docker image and create container
```
docker pull triliumnext/trilium:[VERSION]
docker create --name trilium -t -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]
```
2. Configure Apache proxy and websocket proxy
1. Enable apache proxy modules
```
a2enmod ssl
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
```
2. Create a new let's encrypt certificate
```
sudo certbot certonly -d trilium.mydomain.com
```
Choose standalone (2) and note the location of the created certificates (typically /etc/letsencrypt/live/...)
3. Create a new virtual host file for apache (you may want to use `apachectl -S` to determine the server root location, mine is /etc/apache2)
```
sudo nano /etc/apache2/sites-available/trilium.yourdomain.com.conf
```
Paste (and customize) the following text into the configuration file
```
ServerName http://trilium.yourdomain.com
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ServerName https://trilium.yourdomain.com
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
SSLCertificateFile /etc/letsencrypt/live/trilium.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/trilium.yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
```
4. Enable the virtual host with `sudo a2ensite trilium.yourdomain.com.conf`
5. Reload apache2 with `sudo systemctl reload apache2`
3. Create and enable a systemd service to start the docker container on boot
1. Create a new empty file called `/lib/systemd/system/trilium.service` with the contents
```
[Unit]
Description=Trilium Server
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a trilium
ExecStop=/usr/bin/docker stop -t 2 trilium
[Install]
WantedBy=local.target
```
2. Install, enable and start service
```
sudo systemctl daemon-reload
sudo systemctl enable trilium.service
sudo systemctl start trilium.service
```

23
docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Nginx.md vendored
View File

@ -1,19 +1,24 @@
# Nginx
Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
Configure Nginx proxy and HTTPS. The operating system here is Ubuntu.
1. Download Nginx and remove Apache2
## Installing Nginx
Download Nginx and remove Apache2
```
sudo apt-get install nginx
sudo apt-get remove apache2
```
2. Create configure file
## Build the configuration file
1. First, create the configuration file:
```
cd /etc/nginx/conf.d
vim default.conf
```
3. Fill the file with the context shown below, part of the setting show be changed. Then you can enjoy your web with HTTPS forced and proxy.
2. Fill the file with the context shown below, part of the setting show be changed. Then you can enjoy your web with HTTPS forced and proxy.
```
# This part configures, where your Trilium server is running
@ -54,7 +59,10 @@ Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
return 301 https://$server_name$request_uri;
}
```
4. Alternatively if you want to serve the instance under a different path (useful e.g. if you want to serve multiple instances), update the location block like so:
## Serving under a different path
Alternatively if you want to serve the instance under a different path (useful e.g. if you want to serve multiple instances), update the location block like so:
* update the location with your desired path (make sure to not leave a trailing slash "/", if your `proxy_pass` does not end on a slash as well)
* add the `proxy_cookie_path` directive with the same path: this allows you to stay logged in at multiple instances at the same time.
@ -72,5 +80,8 @@ Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
proxy_cookie_path / /trilium/instance-one
proxy_read_timeout 90;
}
```
## Configuring the trusted proxy
After setting up a reverse proxy, make sure to configure the <a class="reference-link" href="Trusted%20proxy.md">Trusted proxy</a>.

17
docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Trusted proxy.md vendored Normal file
View File

@ -0,0 +1,17 @@
# Trusted proxy
If you are running the Trilium server under a [reverse proxy](../2.%20Reverse%20proxy), it's important to configure it as a trusted proxy so that the application can correctly identify the real IP address of the clients (for authentication and rate limiting purposes).
To do so, simply modify <a class="reference-link" href="../../../Advanced%20Usage/Configuration%20(config.ini%20or%20e.md">Configuration (config.ini or environment variables)</a> and set:
```
[Network]
trustedReverseProxy=true
```
This will use the left-most IP in the `X-Forwarded-For` header. Alternatively, instead of `true` use the IP address of the reverse proxy or Express.js shortcuts such as:
```
loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
```
For more information, consult [Express behind proxies](https://expressjs.com/en/guide/behind-proxies.html).