Add Caddy configuration and explanation to 'SSL and HTTPS'.md docs #369

Open. Wants to merge 2 commits into base: develop
38 changes: 38 additions & 0 deletions docs/SSL and HTTPS.md
Expand Up @@ -12,6 +12,9 @@ I highly recommend [this article](https://medium.com/intrinsic/why-should-i-use-

## Example configurations

- [Nginx](#nginx)
- [Caddy](#caddy)

### nginx

- [Recommended configuration](#recommended-configuration)
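Review bot: The new table of contents entry `[Nginx](#nginx)` capitalises a name that the heading directly below it spells `### nginx`; use the same casing in both places so the list mirrors the headings. `[Caddy](#caddy)` already matches its `### Caddy` heading.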
Expand Down Expand Up @@ -164,3 +167,38 @@ server {
}
}
```

### Caddy
#### Recommended configuration

This configuration redirects all requests to the non-www domain `example.com`, securing connections via Caddy's [Automatic TSL/SSL](https://caddyserver.com/docs/automatic-https). If Ackee is serving over HTTP, modern browsers likely will block `/tracker.js` for mixed content, making HTTPS very valuble. In addition, it enables the correct [CORS headers](https://docs.ackee.electerious.com/#/docs/CORS%20headers).

> 👉 The CORS headers are required so your sites can send data to Ackee, even when their domain is different to the one Ackee uses.

It also includes an optional directive to only serve the analytics console to designated IP addresses. It does this by limiting non-designated IP's to `/tracker.js` and `/api`, the two pages necessary for analytics collection. This rule provides additional security if required. Uncommented directive to enable.

Be sure to substitute `example.com` and `example.ip.to.whitelist`, if whitelist is in use. `/tracker.js` must be changed as well if your tracking script has another name, set by the `ACKEE_TRACKER` variable.
```
example.com:443 {

# Change if Ackee is not running on default port
reverse_proxy :3000

header {
Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Methods: "GET, POST, PATCH, OPTIONS"
Access-Control-Allow-Headers: "Content-Type, Authorization, Time-Zone"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
}

# Uncomment out the following to enable whitelisting for the analytics console
#@Denied {
# not client_ip private_ranges example.ip.to.whitelist
# not path /tracker.js /api
#}
#abort @Denied

}
```
To whitelist additional IP's, append them after example.ip.to.whitelist.
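Review bot: The optional `@Denied` matcher puts `private_ranges` next to `example.ip.to.whitelist` in `not client_ip private_ranges example.ip.to.whitelist`, so once uncommented it opens the analytics console to every client Caddy sees with a private address, not only to the designated IP addresses the paragraph describes. When Caddy runs behind another proxy, a load balancer or container NAT, that can be every visitor. Suggest dropping `private_ranges` from the example, or saying in the paragraph that it is included and when it is safe to keep. Further points in the same hunk: the `header` block writes field names with a trailing colon (`Access-Control-Allow-Origin: https://example.com`), while the Caddyfile `header` directive is documented as field followed by value with no colon. The allowed origin reuses `example.com`, the same placeholder as the site address on the first line of the block, although the quoted note says the tracked site's domain can differ from the one Ackee uses; a distinct placeholder for the origin would keep readers from allowing only Ackee's own domain. The prose has "TSL/SSL" for TLS/SSL, "valuble", "Uncommented directive to enable" and, in the config comment, "Uncomment out".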