Reverse Proxy Setup
This documentation applies when OneDev is running in container or running on virtual machine/bare metal
You may configure OneDev to run behind Nginx or Apache Httpd to do reverse proxying. Below procedure assumes you are running Nginx or Apache Httpd on Ubuntu:
Nginx
-
Assume your OneDev instance runs at port 6610, and you want to access it via http://onedev.example.com. Create a file named onedev.example.com with below content under directory /etc/nginx/sites-available:
server {
listen 80;
listen [::]:80;
server_name onedev.example.com;
# no size limit of uploaded file
client_max_body_size 0;
location /wicket/websocket {
proxy_pass http://localhost:6610/wicket/websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /~server {
proxy_pass http://localhost:6610/~server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /~api/streaming {
proxy_pass http://localhost:6610/~api/streaming;
proxy_buffering off;
}
location / {
proxy_pass http://localhost:6610;
}
} -
Then, enable this site and restart Nginx server:
sudo ln -s /etc/nginx/sites-available/git.example.com /etc/nginx/sites-enabled/onedev.example.com
sudo service nginx restart
Apache Httpd
-
Make sure you have Apache httpd server version 2.4.5 or higher installed
-
Enable mod_proxy by running:
sudo a2enmod proxy_http -
Enable mod_proxy_wstunnel by running:
sudo a2enmod proxy_wstunnel -
Now assume your OneDev instance runs at port 6610, and you want to access it via http://onedev.example.com. Create a file named onedev.example.com.conf with below content under /etc/apache2/sites-available:
<VirtualHost *:80>
ServerName onedev.example.com
ProxyRequests Off
ProxyPreserveHost Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyWebsocketFallbackToProxyHttp off
ProxyPass /wicket/websocket ws://localhost:6610/wicket/websocket
ProxyPass /~server ws://localhost:6610/~server
ProxyPass / http://localhost:6610/
ProxyPassReverse / http://localhost:6610/
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog /var/log/apache2/onedev-error.log
CustomLog /var/log/apache2/onedev-access.log combined
LogLevel warn
</VirtualHost> -
Then, enable this site and restart Apache httpd server:
sudo a2ensite onedev.example.com.conf
sudo service apache2 restart
Traefik 3.x
An example traefik 3.x setup:
traefik.yml:
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
address: ":443"
transport:
respondingTimeouts: # Increase timeout to handle push/pull of large git repositories
readTimeout: 600s
writeTimeout: 600s
idleTimeout: 600s
certificatesResolvers:
letsencrypt:
acme:
email: [email protected] # Change this
storage: "acme.json"
httpChallenge:
entryPoint: web
providers:
file:
filename: "./dynamic.yml"
dynamic.yml:
http:
routers:
onedev:
entryPoints:
- websecure
rule: "Host(`onedev.example.com`)" # Change this
service: onedev-service
tls:
certResolver: letsencrypt
services:
onedev-service:
loadBalancer:
servers:
- url: "http://localhost:6610"
Caddy Server
Running OneDev behind Caddy server is really simple, just start your caddy server as a reverse proxy:
caddy reverse-proxy --from onedev.example.com --to localhost:6610
Here we assume that OneDev is running at port 6610, and also you have a DNS record mapping onedev.example.com to ip address of the machine running OneDev and Caddy server