docs: Updated TRUST_PROXY as a conditionally required variable (#3249)

hajjimo · web-flow · commit d01ea5a65dad · 2025-02-10T07:13:42.000-05:00
* docs: Updated TRUST_PROXY as a conditionally required variable

* docs: mi/3239/trust-proxy-update

Added TRUST_PROXY as conditionally required for AUTH

* docs: mi/3239/trust-proxy-update
diff --git a/packages/documentation/src/content/docs/integration/deployment/docker-compose.mdx b/packages/documentation/src/content/docs/integration/deployment/docker-compose.mdx
@@ -99,6 +99,10 @@ Update the variables in the following compose file with values relevant to your
 You must change the values enclosed within the brackets of the following compose file. Substitute `newest-version` with the latest Rafiki <LinkOut href='https://github.com/interledger/rafiki/releases'>version</LinkOut>.
 :::
 
+:::caution[Running Rafiki behind a proxy]
+If you plan to run your Rafiki instance behind a proxy, you must set the `TRUST_PROXY` variable to `true`
+:::
+
 ```sh
 name: 'my-rafiki'
 services:
diff --git a/packages/documentation/src/partials/auth-variables.mdx b/packages/documentation/src/partials/auth-variables.mdx
@@ -15,6 +15,16 @@ import { LinkOut } from '@interledger/docs-design-system'
 
 </div>
 
+### Conditionally required
+
+<div class="overflow-table">
+
+| Variable      | Helm value name   | Default | Description                                                                                                                                           |
+| ------------- | ----------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `TRUST_PROXY` | `auth.trustProxy` | `false` | Must be set to `true` when running Rafiki behind a proxy. When `true`, the `X-Forwarded-Proto` header is used to determine if connections are secure. |
+
+</div>
+
 ### Optional
 
 <div class="overflow-table wider-column">
@@ -40,7 +50,6 @@ import { LinkOut } from '@interledger/docs-design-system'
 | `REDIS_TLS_CA_FILE_PATH`          | `auth.redis.tlsCaFile`              | `''`               | <LinkOut href="https://redis.io/docs/latest/operate/oss_and_stack/management/security/encryption/">Redis TLS config</LinkOut>                                       |
 | `REDIS_TLS_CERT_FILE_PATH`        | `auth.redis.tlsCertFile`            | `''`               | <LinkOut href="https://redis.io/docs/latest/operate/oss_and_stack/management/security/encryption/">Redis TLS config</LinkOut>                                       |
 | `REDIS_TLS_KEY_FILE_PATH`         | `auth.redis.tlsKeyFile`             | `''`               | <LinkOut href="https://redis.io/docs/latest/operate/oss_and_stack/management/security/encryption/">Redis TLS config</LinkOut>                                       |
-| `TRUST_PROXY`                     | `auth.trustProxy`                   | `false`            | When `true`, the `X-Forwarded-Proto` header is used to determine if connections are secure.                                                                         |
 | `WAIT_SECONDS`                    | `auth.grant.waitSeconds`            | `5`                | The wait time, in seconds, included in a grant request response (`grant.continue`).                                                                                 |
 
 </div>
diff --git a/packages/documentation/src/partials/backend-variables.mdx b/packages/documentation/src/partials/backend-variables.mdx
@@ -27,6 +27,7 @@ import { LinkOut } from '@interledger/docs-design-system'
 | Variable        | Helm value name         | Default     | Description                                                                                                                                                               |
 | --------------- | ----------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `INSTANCE_NAME` | `backend.instance.name` | _undefined_ | Your Rafiki instance's name used to communicate for auto-peering and/or [telemetry](/overview/concepts/telemetry). Required when auto-peering and/or telemetry is enabled |
+| `TRUST_PROXY`   | `backend.trustProxy`    | `false`     | Must be set to `true` when running Rafiki behind a proxy. When `true`, the `X-Forwarded-Proto` header is used to determine if connections are secure.                     |
 
 </div>
 
@@ -80,7 +81,6 @@ import { LinkOut } from '@interledger/docs-design-system'
 | `TIGERBEETLE_REPLICA_ADDRESSES`                       | _undefined_                                              | `3004`                                                                      | TigerBeetle replica addresses for all replicas in the cluster. The addresses are comma-separated IP addresses/ports, to create a <LinkOut href="https://docs.tigerbeetle.com/clients/node/#creating-a-client">TigerBeetle client</LinkOut>. |
 | `TIGERBEETLE_REPLICA_ADDRESSES.SPLIT`                 | _undefined_                                              | `3004`                                                                      | N/A                                                                                                                                                                                                                                         |
 | `TIGERBEETLE_TWO_PHASE_TIMEOUT_SECONDS`               | _undefined_                                              | `5`                                                                         | N/A                                                                                                                                                                                                                                         |
-| `TRUST_PROXY`                                         | `backend.trustProxy`                                     | `false`                                                                     | When `true`, the `X-Forwarded-Proto` header is used to determine if connections are secure.                                                                                                                                                 |
 | `WALLET_ADDRESS_DEACTIVATION_PAYMENT_GRACE_PERIOD_MS` | `backend.walletAddress.deactivationPaymentGratePeriodMs` | `86400000` (24 hours)                                                       | The time into the future, in milliseconds, to set expiration of Open Payments incoming payments when deactivating a wallet address.                                                                                                         |
 | `WALLET_ADDRESS_LOOKUP_TIMEOUT_MS`                    | `backend.walletAddress.lookupTimeoutMs`                  | `1500`                                                                      | The time, in milliseconds, you have to create a missing wallet address before timeout.                                                                                                                                                      |
 | `WALLET_ADDRESS_POLLING_FREQUENCY_MS`                 | `backend.walletAddress.pollingFrequencyMs`               | `100`                                                                       | The frequency of polling while waiting for you to create a missing wallet address.                                                                                                                                                          |
