Documentation

Access Tamari from behind a reverse proxy

Here is a sample Nginx config (/etc/nginx/conf.d/default.conf).

server {
	listen 80;
	server_name tamari.example.com;
	return 301 https://tamari.example.com$request_uri;
}
server {
	listen 443 ssl;
	server_name tamari.example.com;
	ssl on;
	client_max_body_size 400M;
	
	location / {
		proxy_pass		http://127.0.0.1:4888;
		proxy_set_header Host $http_host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
		proxy_redirect http://$http_host/ https://$http_host/;
	}
	ssl_certificate /etc/ssl/certs/tamari.example.com/fullchain.pem;
	ssl_certificate_key /etc/ssl/certs/tamari.example.com/privkey.pem;
}

This forces SSL, causes Flask url_for to build urls using subdomain instead of localhost, and prevents http resources from being blocked by browsers. An SSL certificate for your domain is required.