Reverse Proxy

It is recommended to serve FMD Server using a reverse proxy, such as Apache, Caddy, or nginx. This gives you more fine-grained control over the web server.

Example config files

  • Caddy:

    fmd.example.com {
        reverse_proxy localhost:8080
    }
  • nginx

Configure TLS

FMD Server must be served over TLS. In particular, the web interface will only work over HTTP on localhost. On all other origins the web interface only works over HTTPS.

This is a requirement of the WebCrypto API. FMD Server's API (and hence the app) always works over HTTP - but this is highly discouraged in production.

Therefore, configure your reverse proxy to use TLS.

Hosting in a subdirectory

The FMD Server binary assumes that request paths start at the root ("/"). That is, it assumes that you host FMD Server on a (sub-)domain, e.g., https://fmd.example.com.

If you host FMD Server in a subdirectory, e.g., https://example.com/fmd/, you need to configure your proxy to strip the subdirectory before forwarding the request to the backend. FMD Server does not know how to handle /fmd/api/, it only knows about /api/.

Common issues

When uploading pictures you might see HTTP 413 errors in your proxy logs ("Content Too Large"). To fix this, increase the maximum body size, e.g., to 20 MB. With nginx:

client_max_body_size 20m;
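
The following nginx server block combines the points above: TLS termination at the proxy, hosting under /fmd/ with the prefix stripped, and the larger upload limit. It is an added example, not a config shipped by the FMD Server project. It assumes the backend listens on localhost:8080 (as in the Caddy example) and the site is example.com; the certificate paths are placeholders.

```nginx
# Added example: nginx in front of FMD Server at https://example.com/fmd/
# Assumptions: backend on localhost:8080; certificate paths are placeholders.

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Send /fmd (no trailing slash) to /fmd/ so relative URLs resolve correctly.
    location = /fmd {
        return 301 /fmd/;
    }

    location /fmd/ {
        # proxy_pass carries a URI ("/"), so nginx replaces the matched
        # /fmd/ prefix with it: /fmd/api/... reaches the backend as /api/...
        proxy_pass http://localhost:8080/;

        # Allow picture uploads up to 20 MB instead of failing with HTTP 413.
        client_max_body_size 20m;
    }
}

# Plain HTTP only redirects, so the web interface is always loaded over HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
```

Run `nginx -t` to check the syntax before reloading.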

Without Reverse Proxy

Warning: This setup is not recommended and provided for your convenience only.

If you don't want to use a reverse proxy, FMD Server can terminate TLS for you. However, you need to manage (and regularly renew!) the certificates.

  1. Get a TLS certificate for your domain.

  2. Set the ServerCrt and ServerKey in the config file.

  3. In Docker: Mount the certificate and the private key into the container.

    # other lines omitted
    volumes:
    - ./server.crt:/etc/fmd-server/server.crt:ro
    - ./server.key:/etc/fmd-server/server.key:ro