overleaf-toolkit/doc/tls-proxy.md

## TLS Proxy for Overleaf Toolkit environment

An optional TLS proxy for terminating https connections, based on NGINX.

Run `bin/init --tls` to initialise local configuration with NGINX proxy configuration, or to add NGINX proxy configuration to an existing local configuration. A sample private key is created in `config/nginx/certs/overleaf_key.pem` and a dummy certificate in `config/nginx/certs/overleaf_certificate.pem`. Either replace these with your actual private key and certificate, or set the values of the `TLS_PRIVATE_KEY_PATH` and `TLS_CERTIFICATE_PATH` variables to the paths of your actual private key and certificate respectively.

A default config for NGINX is provided in `config/nginx/nginx.conf` which may be customised to your requirements. The path to the config file can be changed with the `NGINX_CONFIG_PATH` variable.

In order for Overleaf to run correctly behind the proxy, the following variables should be uncommented in `config/variables.env`
```
SHARELATEX_BEHIND_PROXY=true
SHARELATEX_SECURE_COOKIE=true
```
Add the following section to your `config/overleaf.rc` file if it is not there already:
```
# TLS proxy configuration (optional)
# See documentation in doc/tls-proxy.md
NGINX_ENABLED=false
NGINX_CONFIG_PATH=config/nginx/nginx.conf
TLS_PRIVATE_KEY_PATH=config/nginx/certs/overleaf_key.pem
TLS_CERTIFICATE_PATH=config/nginx/certs/overleaf_certificate.pem
TLS_PORT=443
```
 In order to run the proxy, change the value of the `NGINX_ENABLED` variable in `config/overleaf.rc` from `false` to `true` and re-run `bin/up`.


When the [SHARELATEX_PORT](overleaf-rc.md#sharelatex_port) variable is set, the port in the `proxy_pass` statement in `nginx.conf` needs to be changed to match.

By default the https web interface will be available on `https://localhost:443`. The port can be changed via the `TLS_PORT` variable.
Add a TLS proxy option to the Toolkit 2021-04-08 11:56:10 +01:00			`## TLS Proxy for Overleaf Toolkit environment`

Update the TLS proxy documentation to cover bring your own cert 2021-04-22 09:12:06 +01:00			`An optional TLS proxy for terminating https connections, based on NGINX.`
Add a TLS proxy option to the Toolkit 2021-04-08 11:56:10 +01:00
Make TLS config optional 2021-04-27 10:14:29 +01:00			Run `bin/init --tls` to initialise local configuration with NGINX proxy configuration, or to add NGINX proxy configuration to an existing local configuration. A sample private key is created in `config/nginx/certs/overleaf_key.pem` and a dummy certificate in `config/nginx/certs/overleaf_certificate.pem`. Either replace these with your actual private key and certificate, or set the values of the `TLS_PRIVATE_KEY_PATH` and `TLS_CERTIFICATE_PATH` variables to the paths of your actual private key and certificate respectively.
Add a TLS proxy option to the Toolkit 2021-04-08 11:56:10 +01:00
Update the TLS proxy documentation to cover bring your own cert 2021-04-22 09:12:06 +01:00			A default config for NGINX is provided in `config/nginx/nginx.conf` which may be customised to your requirements. The path to the config file can be changed with the `NGINX_CONFIG_PATH` variable.
Add a TLS proxy option to the Toolkit 2021-04-08 11:56:10 +01:00
Variables for running Overleaf behind a proxy 2021-04-27 10:47:39 +01:00			In order for Overleaf to run correctly behind the proxy, the following variables should be uncommented in `config/variables.env`
			```
			`SHARELATEX_BEHIND_PROXY=true`
			`SHARELATEX_SECURE_COOKIE=true`
			```
Cover enabling and starting TLS proxy in docs 2021-05-10 11:53:11 +01:00			Add the following section to your `config/overleaf.rc` file if it is not there already:
			```
			`# TLS proxy configuration (optional)`
			`# See documentation in doc/tls-proxy.md`
			`NGINX_ENABLED=false`
			`NGINX_CONFIG_PATH=config/nginx/nginx.conf`
			`TLS_PRIVATE_KEY_PATH=config/nginx/certs/overleaf_key.pem`
			`TLS_CERTIFICATE_PATH=config/nginx/certs/overleaf_certificate.pem`
			`TLS_PORT=443`
			```
			In order to run the proxy, change the value of the `NGINX_ENABLED` variable in `config/overleaf.rc` from `false` to `true` and re-run `bin/up`.

Variables for running Overleaf behind a proxy 2021-04-27 10:47:39 +01:00
Clarify when to change the proxy_pass 2021-04-26 11:16:40 +01:00			When the [SHARELATEX_PORT](overleaf-rc.md#sharelatex_port) variable is set, the port in the `proxy_pass` statement in `nginx.conf` needs to be changed to match.

			By default the https web interface will be available on `https://localhost:443`. The port can be changed via the `TLS_PORT` variable.