diff --git a/README.md b/README.md index 96c08b6..23b366c 100644 --- a/README.md +++ b/README.md @@ -37,17 +37,18 @@ The browser opens automatically at `http://127.0.0.1:5000/v/local/`. ### Docker (host for other players) -Designed to run **behind nginx Proxy Manager** — the container port is not published publicly by default. +Runs behind **nginx Proxy Manager**. By default the container publishes port **5000** on the host so NPM can forward to `http://:5000` (e.g. `http://172.16.10.20:5000`). ```powershell docker compose up -d --build ``` -1. Attach the `viewer` service to your NPM Docker network (see `docker-compose.yml` comments). -2. In NPM: new Proxy Host → forward to `viewer:5000`, enable SSL. -3. Open your public URL → **Create my viewer** -4. Save the personal link (bookmark) — **without the link, data cannot be recovered** (no login) -5. Import backups in the browser +1. In NPM: Proxy Host → `http://:5000`, enable SSL, Force SSL. +2. Open your public URL → **Create my viewer** +3. Save the personal link (bookmark) — **without the link, data cannot be recovered** (no login) +4. Import backups in the browser + +**Alternative:** If NPM runs on the **same Docker host**, you can remove the `ports` mapping, attach the `viewer` service to the NPM network (see `docker-compose.yml` comments), and proxy to `http://viewer:5000` instead. Data is stored in the Docker volume `viewer-data` (`/data/viewers/.db`). @@ -59,13 +60,6 @@ docker compose logs -f docker compose down ``` -For local Docker testing without NPM, temporarily add to `docker-compose.yml`: - -```yaml -ports: - - "5000:5000" -``` - ### More options ```powershell @@ -158,7 +152,7 @@ location / { } ``` -Do **not** expose port `5000` publicly — only NPM should reach the container. +Bind port `5000` only on your internal network (firewall), not on the public internet — NPM terminates TLS and proxies internally. ## Language / i18n diff --git a/docker-compose.yml b/docker-compose.yml index 7316120..693b623 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,8 +1,8 @@ services: viewer: build: . - expose: - - "5000" + ports: + - "5000:5000" environment: DATA_DIR: /data TRUST_PROXY: "1"