Skip to main content

Reverse Proxy Setup

info

This documentation applies when OneDev is running in container or running on virtual machine/bare metal

You may configure OneDev to run behind Nginx or Apache Httpd to do reverse proxying. Below procedure assumes you are running Nginx or Apache Httpd on Ubuntu:

Nginx

  1. Assume your OneDev instance runs at port 6610, and you want to access it via http://onedev.example.com. Create a file named onedev.example.com with below content under directory /etc/nginx/sites-available:

    server {
        listen 80;
        listen [::]:80;

        server_name onedev.example.com;

        # no size limit of uploaded file
        client_max_body_size 0;

        location /wicket/websocket {
                proxy_pass http://localhost:6610/wicket/websocket;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

        location /~server {
                proxy_pass http://localhost:6610/~server;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

        location /~api/streaming {
                proxy_pass http://localhost:6610/~api/streaming;
                proxy_buffering off;
        }

        location / {
                proxy_pass http://localhost:6610;
        }
    }

  2. Then, enable this site and restart Nginx server:

    sudo ln -s /etc/nginx/sites-available/git.example.com /etc/nginx/sites-enabled/onedev.example.com
    sudo service nginx restart

Apache Httpd

  1. Make sure you have Apache httpd server version 2.4.5 or higher installed

  2. Enable mod_proxy by running:

    sudo a2enmod proxy_http

  3. Enable mod_proxy_wstunnel by running:

    sudo a2enmod proxy_wstunnel

  4. Now assume your OneDev instance runs at port 6610, and you want to access it via http://onedev.example.com. Create a file named onedev.example.com.conf with below content under /etc/apache2/sites-available:

    <VirtualHost *:80>
            ServerName onedev.example.com

            ProxyRequests Off

            ProxyPreserveHost Off

            <Proxy *>
                    Order deny,allow
                    Allow from all
            </Proxy>

            ProxyWebsocketFallbackToProxyHttp off
            ProxyPass /wicket/websocket ws://localhost:6610/wicket/websocket
            ProxyPass /~server ws://localhost:6610/~server
            ProxyPass / http://localhost:6610/
            ProxyPassReverse / http://localhost:6610/

            <Location />
                    Order allow,deny
                    Allow from all
            </Location>

            ErrorLog /var/log/apache2/onedev-error.log
            CustomLog /var/log/apache2/onedev-access.log combined
            LogLevel warn
    </VirtualHost>

  5. Then, enable this site and restart Apache httpd server:

    sudo a2ensite onedev.example.com.conf
    sudo service apache2 restart

Traefik 3.x

An example traefik 3.x setup:

traefik.yml:

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true

  websecure:
    address: ":443"
    transport:
      respondingTimeouts: # Increase timeout to handle push/pull of large git repositories
        readTimeout: 600s
        writeTimeout: 600s
        idleTimeout: 600s

certificatesResolvers:
  letsencrypt:
    acme:
      email: [email protected] # Change this
      storage: "acme.json"
      httpChallenge:
        entryPoint: web

providers:
  file:
    filename: "./dynamic.yml"

dynamic.yml:

http:
  routers:
    onedev:
      entryPoints:
        - websecure
      rule: "Host(`onedev.example.com`)"  # Change this
      service: onedev-service
      tls:
        certResolver: letsencrypt

  services:
    onedev-service:
      loadBalancer:
        servers:
        - url: "http://localhost:6610"

Caddy Server

Running OneDev behind Caddy server is really simple, just start your caddy server as a reverse proxy:

    caddy reverse-proxy --from onedev.example.com --to localhost:6610
info

Here we assume that OneDev is running at port 6610, and also you have a DNS record mapping onedev.example.com to ip address of the machine running OneDev and Caddy server

IIS

Install IIS and Prerequisites

Windows Server

  1. Open Server Manager
  2. Click on Manage
  3. Select Add Roles and Features
  4. Navigate to Server Roles
  5. Select Web Server (IIS)
  6. Expand Web Server
    1. Expand Application Development
      1. Select WebSocket Protocol
  7. Install the Windows Features
  8. Install Aplication Request Routing
  9. Install URL Rewrite

Windows 10/11

  1. Open Turn Windows features on or off
  2. Place a checkmark on Internet Information Services
  3. Exand Internet Information Services
    1. Expand World Wide Services
      1. Expand World Wide Web Services
        1. Expand Application Development Features
        2. Select WebSocket Protocol
  4. Click OK
  5. Install Aplication Request Routing
  6. Install URL Rewrite

Configuring IIS

  1. Open IIS Manager, expand Sites and create a new site

    1. Set Site Name to your preferred site name

    2. Set your Physical Path to the your preferred location (e.g.: C:\inetpub\wwwroot\onedev)

    3. Set Binding to http

      1. If you prefer to use https, you'd need to ensure you have a valid certificate in the computer certificate store.
      info

      Configuring HTTPS for IIS is outside of the scope for this guide.

    4. Set Host name to your preferred host name (e.g.: git.mydomain.com)

    5. Create a new file called web.config at the root of your Physical Path and copy/paste the following:

      1. For HTTP you can use the following example:

        <configuration>
        <system.webServer>
            <rewrite>
            <rules>
                <rule name="WebSocket" stopProcessing="true">
                <match url="wicket/websocket/(.*)" />
                <action type="Rewrite" url="ws://localhost:6610/wicket/websocket/{R:1}" />
                </rule>
                <rule name="Server" stopProcessing="true">
                <match url="~server/(.*)" />
                <action type="Rewrite" url="ws://localhost:6610/~server/{R:1}" />
                </rule>
                <rule name="Default" stopProcessing="true">
                <match url="(.*)" />
                <action type="Rewrite" url="http://localhost:6610/{R:1}" />
                </rule>
            </rules>
            </rewrite>
        </system.webServer>
        </configuration>

      2. For HTTPS you can use the following example:

        <configuration>
        <system.webServer>
            <rewrite>
            <rules>
                <rule name="WebSocket" stopProcessing="true">
                <match url="wicket/websocket/(.*)" />
                <action type="Rewrite" url="wss://localhost:6610/wicket/websocket/{R:1}" />
                </rule>
                <rule name="Server" stopProcessing="true">
                <match url="~server/(.*)" />
                <action type="Rewrite" url="wss://localhost:6610/~server/{R:1}" />
                </rule>
                <rule name="Default" stopProcessing="true">
                <match url="(.*)" />
                <action type="Rewrite" url="http://localhost:6610/{R:1}" />
                </rule>
            </rules>
            </rewrite>
        </system.webServer>
        </configuration>
    info

    The web.config was made using the provided NGINX and Apache examples. You might need to make changes according to your environment.

  2. Restart your web server and verify that you can access your OneDev instance.