Network

Firefly should be run behind a reverse proxy, which isolates the application from direct client connections and wraps those connections in SSL/TLS. See NGINX for more details. See Setup Base Proxy Control for basic proxy configuration.

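Set firefly_trusted_proxies to ** or to the specific proxy IP before enabling the reverse proxy. Prefer the specific proxy IP: ** makes Firefly accept forwarded headers (such as X-Forwarded-For) from any source, so it is only appropriate when Firefly cannot be reached except through the proxy.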

Ports

---
###############################################################################
# Ports Configuration
###############################################################################
# Ports should be managed externally via an OS role.
#
# Reference:
# * https://docs.ansible.com/ansible/latest/collections/community/general/ufw_module.html

# Opens inbound TCP 80 (plain HTTP) for Firefly.
# NOTE(review): from_ip 'any' admits every source address. When Firefly is
# meant to be reached only through the reverse proxy, narrow from_ip to the
# proxy's address so clients cannot connect directly and skip the proxy's
# TLS -- confirm against your network layout.
ports:
  - {proto: 'tcp', from_ip: 'any', to_port: 80, direction: 'in', comment: 'firefly http'}

Using Subdomains

0644 root root nginx/conf.d/reverse-proxy.conf
# Reverse-proxy virtual host that publishes Firefly on its own subdomain.
# Clients connect over TLS on 443; the request is then forwarded to the
# upstream named "firefly".
# NOTE(review): no ssl_certificate / ssl_certificate_key directives appear in
# this block -- presumably they come from the base proxy configuration; confirm.
server {
  listen                               443 ssl http2;
  server_name                          firefly.{DOMAIN} firefly;

  location / {
    # Source address nginx uses for the upstream connection (placeholder).
    proxy_bind                         {PROXY IP ON FIREFLY NETWORK};
    # The upstream hop is plain HTTP; TLS ends at this proxy, so the network
    # between proxy and Firefly should not be reachable by untrusted hosts.
    proxy_pass                         http://firefly/;
    # $http_host is the Host header exactly as the client sent it.
    # NOTE(review): if this server can also be selected for unmatched names,
    # the application sees whatever Host the client supplied -- confirm a
    # separate default server exists or that Firefly does not rely on Host.
    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
    # the client already sent, so earlier entries are client-controlled.
    # Firefly should honour these headers only when the request comes from
    # the proxy address (see firefly_trusted_proxies).
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    # Tells the application whether the client connection used http or https.
    proxy_set_header X-Forwarded-Proto $scheme;
    # Pass upstream responses to the client as they arrive, without buffering.
    proxy_buffering                    off;
  }
}

Using Subpath

0644 root root nginx/conf.d/reverse-proxy.conf
# Refuse every request whose URI starts with /firefly/. The ^~ modifier also
# stops regex locations from being tried for such a URI.
# NOTE(review): the alias used for /budget points into
# /var/www/html/firefly-iii; if this server's root is /var/www/html, that tree
# would be served under /firefly-iii/, which this prefix does not match.
# Confirm the deny covers the real directory name, since files outside
# public/ (for example .env) must not be downloadable.
location ^~ /firefly/ {
   deny all;
}

# Serve Firefly under /budget from its public/ directory. Requests that match
# neither a file nor a directory fall through to the @budget named location.
# NOTE(review): the prefix has no trailing slash, so it also matches URIs such
# as /budgetfoo -- confirm that is intended.
# NOTE(review): alias combined with try_files is known to resolve paths
# unexpectedly in some nginx versions; re-test static files after any change.
location ^~ /budget {
   alias /var/www/html/firefly-iii/public;
   try_files $uri $uri/ @budget;

   # Hand URIs containing ".php" (at the end or followed by "/") to PHP-FPM.
   # NOTE(review): snippets/fastcgi-php.conf is not shown here; confirm it
   # rejects requests whose script file does not exist, so that only real
   # PHP files under public/ are ever passed to the interpreter.
   location ~* \.php(?:$|/) {
      include snippets/fastcgi-php.conf;
      # $request_filename is the filesystem path after the alias mapping.
      fastcgi_param SCRIPT_FILENAME $request_filename;
      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
      # NOTE(review): this socket belongs to PHP 8.0, which no longer receives
      # upstream security fixes; point it at a supported PHP-FPM version.
      fastcgi_pass unix:/run/php/php8.0-fpm.sock;
   }
}

# Front-controller fallback reached from try_files: rewrite /budget/<path> to
# /budget/index.php/<path>. The "last" flag restarts location matching with
# the rewritten URI, which is expected to land in the .php location so that
# index.php receives the original path as path info.
location @budget {
   rewrite ^/budget/(.*)$ /budget/index.php/$1 last;
}