I have followed the setup instructions for an Apache reverse proxy in the Publish docs.
We have a licensed copy of Publish.
I have set up an Apache reverse proxy for our Obsidian Publish site, and it works quite well. The main reason for this was password management, as we post some confidential information (e.g. employee names and contact details) in Publish. We intend for this to be only available to employees, so we needed an easy way to create unique usernames and passwords for all staff, and also easily decommission it in case they leave our employ. We are hosting the reverse proxy on a server in a hosting center in Johannesburg, South Africa. Our DNS setup is hosted in Cloudflare.
However, after implementing this, I had some issues and questions raised:
- Some staff have complained that access to the site is slower for them than before.
- Some staff have complained that they are not seeing changes to the pages when updates to the site is done. Clearing the browser cache fixes this, so it appears to be a caching issue.
- Is it possible to keep the password that Publish allows us to set on the site and have the proxy pass it when the request is done?
- Are there any other general security tips when it comes to Publish?
The proxy configuration is as follows:
SSLProxyEngine On RewriteEngine on RewriteRule "^(.*)$" "https://publish.obsidian.md/serve?url=our.domain/$1" [L,P] <Location /> SSLOptions +StdEnvVars AuthType Digest AuthName "<REMOVED" AuthDigestDomain / https://our.domain/ AuthUserFile <REMOVED> Order allow,deny Allow from all Require valid-user </Location>
Thanks a lot