While it is technically possible to run automua without a web server in front of it, I do not recommend doing that in a production environment. A web server can provide features automua was designed not to have. Features such as transport layer encryption for HTTPS (required for [Mobileconfig]) or, for example, the capability to rate-limit clients are handled very well by full-fledged web servers working as reverse proxies. It would be a waste to re-implement all this in a web service.
This section will explain how to configure a web server as a reverse proxy in front of automua. Before you set up the proxy you need to tell automua it operates behind one.
Add the proxy_count parameter to your automua configuration file or uncomment the parameter if it is already there:
[automua]
# A typical production setup would use loglevel = WARNING
loglevel = WARNING
# Disable SQL command echo. (1)
db_echo = no
# SQLite database in a UNIX-like file system
db_uri = sqlite:////var/lib/automua/db.sqlite
# Number of proxy servers between automua and the client (default: 0).
# If your logs only show 127.0.0.1 or ::1 as the source IP for incoming
# connections, proxy_count probably needs to be changed. (2)
proxy_count = 1-
Echoing SQL commands is only meant for debugging purposes.
-
Set the number to reflect the number of proxies chained in front of automua, i.e. the number of "proxy hops" a client’s request must pass before it reaches automua.
The following example defines a HTTP server, which will listen for requests to both autoconfig.example.com and autodiscover.example.com.
All requests will be forwarded to automua, which listens on TCP port 4243 in this example.
Requests to /initdb are restricted to clients connecting from the local host.
The
proxy_set_header directives will cause NGINX to pass relevant data about incoming requests' origins.
link:../contrib/nginx-sample.conf[role=include]