User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:grist [2025/01/22 15:20] – [Reverse Proxy] willyservices:grist [2025/03/13 14:59] (current) – [Reverse Proxy] willy
Line 23: Line 23:
       - GRIST_SESSION_SECRET=here_write_a_secret_passcode       - GRIST_SESSION_SECRET=here_write_a_secret_passcode
       - GRIST_DEFAULT_EMAIL=me@mydomain.com       - GRIST_DEFAULT_EMAIL=me@mydomain.com
-      - APP_HOME_URL=https://grist.mydomain.com/+      - GRIST_FORWARD_AUTH_HEADER=Remote-Email 
 +      - GRIST_PROXY_AUTH_HEADER=Remote-Email 
 +      - APP_HOME_URL=https://grist.mydomain.com 
 +      - APP_DOC_URL=https://grist.mydomain.com 
 +      - GRIST_IGNORE_SESSION=true    
     stdin_open: true     stdin_open: true
     tty: true     tty: true
Line 34: Line 38:
 </file> </file>
  
-Remember to set an available port (8484)!+Remember to set an available port (8484)! I have not been able to make grist run as user //grist// inside the container, it will run as user 1001. This is not an issue, just a cosmetic annoyance.
  
 Now pull it: Now pull it:
Line 44: Line 48:
 ==== Single Sign On ==== ==== Single Sign On ====
  
-...+Grist will happily inherit your SSO authentication from the reverse proxy, the key point are the following settings in your docker compose: 
 +<code> 
 +      - GRIST_FORWARD_AUTH_HEADER=Remote-Email 
 +      - GRIST_PROXY_AUTH_HEADER=Remote-Email 
 +      - GRIST_IGNORE_SESSION=true     
 +</code>
  
 +If you need //multiple// users, each one with it's own Grist user you will need to remove the GRIST_IGNORE_SESSION setting.
  
 ==== Reverse Proxy ==== ==== Reverse Proxy ====
Line 63: Line 73:
         access_log /var/log/nginx/grist.mydomain.com_access_log main;         access_log /var/log/nginx/grist.mydomain.com_access_log main;
         error_log /var/log/nginx/grist.mydomain.com_error_log info;         error_log /var/log/nginx/grist.mydomain.com_error_log info;
 +
 +        include "com.mydomain/authelia_location.conf";
  
          location / {          location / {
-          proxy_pass http://127.0.0.1:8484; +                include "com.mydomain/authelia_proxy.conf"; 
-          proxy_set_header Host $host; +                include "com.mydomain/authelia_authrequest.conf"; 
-          proxy_set_header X-Real-IP $remote_addr; + 
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +                proxy_pass http://127.0.0.1:8484; 
-          proxy_set_header X-Forwarded-Proto $scheme; +                proxy_set_header Host $host; 
-          proxy_set_header Upgrade $http_upgrade; +                proxy_set_header X-Real-IP $remote_addr; 
-          proxy_set_header Connection "upgrade"; +                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
-      }+                proxy_set_header X-Forwarded-Proto $scheme; 
 +                proxy_set_header Upgrade $http_upgrade; 
 +                proxy_set_header Connection "upgrade"; 
 +    }
 } }
 </file> </file>
 +
 +This will enable Authelia SSO (see [[selfhost:sso|here]] for your Grist installation as well.
  
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information