Hugo behind proxy, how to start

I lost too much time to start Hugo behind proxy so that everything works fine. Documentation not include (or I didn’t find) how to start hugo behind proxy so that it works exactly as without proxy.

The biggest problem was baseURL variable. config I add

  • config I add baseURL: https://some.dom
  • on the command line I use -p NNNN option to set some port
  • proxy (and reverser) include config to convert https://some.dom packets to localhost port NNNN

What was result?
Variable baseUrl give localhost:NNNN ???

Then I add option --baseUrl=“https://some.dom” when I started hugo.
This so me that config file BaseURL is something which not work I expected. I have to use same “parameter” in the command line, but it’s not the same ? Why the same name …

BUT now variable BaseURL (or was that ABS URL ?) return https://some.dom:NNNN …
No - I don’t like show that url for users, because it not work …

Then I found in some discussion, I have to tell in command line that don’t add local port to the baseURL … grazy. Why you can’t tell your FULL URL in the baseUrl, why hugo add port to the url. So there is option --appendPort=false to tell Hugo that don’t add port argument to the baseURL …

Start Hugo behind proxy, when you offer public url usually today with SSL and proxy handle ssl certs.

hugo server --theme THEME -p 9000  -v --appendPort=false --baseUrl="https://some.dome"

Now Hugo tell users that home page is https://some.dome and Hugo works locally in port 9000, but not tell that for users. Offer public url, not local.

Hopefully this info will add to the doc
“Hugo server behind proxy”.

And with some proxy example

  • haproxy
  • nginx
  • apache

Example haproxy config is simple when public url translate to the local server without url rewrite and other proxy optimizing:

use_backend bk_hugosomedom if { ssl_fc_sni some.dom }
backend bk_hugosomedom
        server server1.server.dom source some.dom 

Sorry for the dumb question, but what is the problem ?

Dev is local. So what is the proxy for ?

See the flags available for hugo server; a combination of --bind --baseURL etc. should get you there. And I consider using proxies with Hugo’s development server to not be a common enough task to get special attention in the docs. If you need that, then you’re probably already an expert on this and should be able to figure out the flags to use.

Where I said that it’s dev server ?
It’s not. It’s real.

Problem is Hugo documentation. It took too long to startup hugo server behind proxy-system even I have setup so many servers in history behind some “wall”. It’s not enough for fast process to start Hugo, that you have only man hugo or “hugo server --help” to try find correct options. Here is options, try and good luck.

Yes, I found the solution which works fine behind any proxies, load balancer, SNI-router, … but why doc not include user documentation for that with some example, reference manual is also important, but that is not enough. Sort doc about it will save lot of time from those who try to start Hugo behind ex. some modern security layer, which are in many case done using some proxy idea.

I have proxied our http/https, … servers with some security layer and / or load balancer over 20 years . Never offer native connection directly to the server software. I don’t like to give that kind of “security hole layer” for my customers and myself.

So, example “how to” will be nice startup help for those who run Hugo behind some “wall/layer” system.

I found it, I hope that next new Hugo server startup behind “wall” not need to lost so much time to understand which flag have to use so that also all URL-variables works fine for users and templates.

The biggest finding was understand that config baseUrl and command line option --baseurl means different. Config baseurl variable will be overwrite using current startup environment, but if you have set it in command line, it will be used. If I understood correctly.

  • Running hugo server ex. in port: --port 9000
  • public url don’t add port to the end of baseURL: --appendPort=false
  • public baseURL: --baseUrl=“https://some.dome
  • bind, no need to setup if run behind proxy, default is usually fine and correct if proxy is on the same server. Of course need bind more address space if proxy server is not in same server. bind is same as set chmod 777 for file, no access problem. But security problem is interesting, then need little make the plan.

My topic was “tip&ricks” for those and also for Hugo doc team to add this part to the ex. start server section.

That was my question.
I was curious about your use case ; why using a dev tool for running a web site in production ?

Hugo being a dev tool, there is no security hole of this kind, unless someone put it in this potential situation.

Hugo is a tool to build static html. You ship static html to production, that’s it. Hugo server is for development…


Now I understand what you mean using “dev”. I need to ask from G little helps.

Hugo doc says: " However, some Hugo users may use hugo server in production to instantly display updated content".

I’m one of those in my purposes.

If it’s “forbidden” or not recommendable, then tell it. I hope that you update docs anyway.
Using go http server library include risk or ? Why not also for production ?

Current documentation not give on the 1st look that Hugo team main idea have been …

  • Hugo support Develop, Stage and Production process
  • use hugo and hugo server only for develoment. It’s possible to use also in production, but our …
  • deploy static result to the some https server directly or push changes to the Stage, ex. Github
  • Production use Stage
    or something like that.

I can’t see the main “picture” in the About Hugo | Hugo page.
I took lot of time to ask and ask from G to find document which open whole idea (dev-stage-prod) using Hugo. There was excellent docs, but not in the Hugo’s own docs.

But anyway, if dev hugo server or hugo production server env is behind proxy ex. “sandbox” and dev hugo get sources ex. from git, then we need proxy configuration even it’s only in “dev” use.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.