Relaying can indeed not be proxied like that. Discovery can, however. This is what we’re using for the public servers:
Nginx with appropriate TLS config plus the following site definition, one for IPv4 and one for IPv6:
    server {
        listen [2a03:b0c0:0:1010::4ed:3001]:443 ssl;
        server_name localhost;
        # cache 200 and 404 responses for one minute
        proxy_cache discosrv-v6;
        proxy_cache_valid 200 404 1m;
        # serve stale cache entries when the backend errors out or is being refreshed
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
        access_log off;
        location /v2 {
            proxy_pass http://127.0.0.1:9093;
            # pass the client's certificate (PEM) and address on to the backend
            proxy_set_header X-SSL-Cert $ssl_client_cert;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
which then proxies to a discosrv instance:
    #!/bin/sh
    # raise the open file descriptor limit
    ulimit -n 10240
    # -http: listen on plain HTTP, for use behind the TLS-terminating proxy
    exec setuidgid discosrv /usr/local/bin/stdiscosrv \
        -db-backend=postgres \
        -db-dsn=postgres://discosrv:...@localhost/discosrv-v013-v6 \
        -limit-avg=5 \
        -limit-burst=10 \
        -limit-cache=40000 \
        -listen="127.0.0.1:9093" \
        -http
The magic part for discosrv is the -http one.
I’ve considered docker-composing the nginx plus postgresql plus discosrv setup, but it’s been too much work for too little so far.
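
Added example, not part of the original post and not Syncthing's own code: a sketch of the trust boundary this setup creates, where a backend on plain HTTP identifies the client from the `X-SSL-Cert` header and must therefore accept it only from the local proxy. The function names are hypothetical, the hex SHA-256 stands in for whatever identifier the real server derives, and it assumes the PEM arrives with its line breaks turned into spaces or tabs.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"net"
	"net/http"
	"strings"
)

const begin, end = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

// unfoldPEM restores PEM line breaks that arrived as spaces or tabs, keeping the marker lines intact.
func unfoldPEM(hdr string) []byte {
	s := strings.TrimSpace(hdr)
	if len(s) < len(begin)+len(end) || !strings.HasPrefix(s, begin) || !strings.HasSuffix(s, end) {
		return nil
	}
	body := strings.Fields(s[len(begin) : len(s)-len(end)])
	return []byte(begin + "\n" + strings.Join(body, "\n") + "\n" + end + "\n")
}

// fingerprintFromProxy hashes the certificate in X-SSL-Cert, trusting it only from a loopback peer.
func fingerprintFromProxy(r *http.Request) (string, error) {
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // on error host is "" and is rejected below
	if ip := net.ParseIP(host); ip == nil || !ip.IsLoopback() {
		return "", fmt.Errorf("X-SSL-Cert from non-loopback peer %q rejected", r.RemoteAddr)
	}
	block, _ := pem.Decode(unfoldPEM(r.Header.Get("X-SSL-Cert")))
	if block == nil {
		return "", fmt.Errorf("no usable certificate in X-SSL-Cert")
	}
	sum := sha256.Sum256(block.Bytes)
	return hex.EncodeToString(sum[:]), nil
}

// sampleRequest builds a constructed backend-side request; der is placeholder bytes, not a real certificate.
func sampleRequest(remote string, der []byte) *http.Request {
	p := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	h := http.Header{}
	h.Set("X-SSL-Cert", strings.ReplaceAll(strings.TrimSpace(string(p)), "\n", " "))
	return &http.Request{RemoteAddr: remote, Header: h}
}

func main() {
	der := []byte(strings.Repeat("constructed-der ", 8))
	fmt.Println(fingerprintFromProxy(sampleRequest("127.0.0.1:40000", der)))
	fmt.Println(fingerprintFromProxy(sampleRequest("203.0.113.7:40000", der)))
}
```

The same reasoning is why the backend in the post listens on `127.0.0.1:9093` only: anything that can reach that port directly can supply its own `X-SSL-Cert` value.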