From 34d7dadb147118f35ce412276c5abe100df5693b Mon Sep 17 00:00:00 2001
From: Brandon Kauffman <bck01215@gmail.com>
Date: Wed, 19 Oct 2022 21:33:18 -0400
Subject: [PATCH] Update Administration Setup Docs (#1293)

Add clarification of port difference for gRPC and HTTP

Co-authored-by: 6543 <6543@obermui.de>
---
 docs/docs/30-administration/00-setup.md | 31 +++++++++++++++++++++++--
 docs/docs/30-administration/70-proxy.md |  4 +++-
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/docs/docs/30-administration/00-setup.md b/docs/docs/30-administration/00-setup.md
index 677d8a0b4..fdab5b576 100644
--- a/docs/docs/30-administration/00-setup.md
+++ b/docs/docs/30-administration/00-setup.md
@@ -72,8 +72,36 @@ services:
     environment:
       - [...]
 +     - WOODPECKER_HOST=${WOODPECKER_HOST}
++     - WOODPECKER_HOST=${WOODPECKER_HOST}
+```
+Woodpecker can also have its port's configured. It uses a separate port for gRPC and for HTTP. The agent performs gRPC calls and connects to the gRPC port.
+They can be configured with ADDR variables:
+
+```diff
+# docker-compose.yml
+version: '3'
+services:
+  woodpecker-server:
+    [...]
+    environment:
+      - [...]
++     - WOODPECKER_GRPC_ADDR=${WOODPECKER_GRPC_ADDR}
++     - WOODPECKER_SERVER_ADDR=${WOODPECKER_HTTP_ADDR}
 ```
 
+Reverse proxying can also be [configured for gRPC](./proxy#caddy). If the agents are connecting over the internet, it should also be SSL encrypted. The agent then needs to be configured to be secure:
+
+```diff
+# docker-compose.yml
+version: '3'
+services:
+  woodpecker-server:
+    [...]
+    environment:
+      - [...]
++     - WOODPECKER_GRPC_SECURE=true # defaults to false
++     - WOODPECKER_GRPC_VERIFY=true # default
+```
 As agents run pipeline steps as docker containers they require access to the host machine's Docker daemon:
 
 ```diff
@@ -88,8 +116,7 @@ services:
 +     - /var/run/docker.sock:/var/run/docker.sock
 ```
 
-Agents require the server address for agent-to-server communication:
-
+Agents require the server address for agent-to-server communication. The agent connects to the server's gRPC port:
 ```diff
 # docker-compose.yml
 version: '3'
diff --git a/docs/docs/30-administration/70-proxy.md b/docs/docs/30-administration/70-proxy.md
index 4a224ad34..b57b93442 100644
--- a/docs/docs/30-administration/70-proxy.md
+++ b/docs/docs/30-administration/70-proxy.md
@@ -82,11 +82,13 @@ server {
 
 This guide provides a brief overview for installing Woodpecker server behind the [Caddy web-server](https://caddyserver.com/). This is an example caddyfile proxy configuration:
 
-```nohighlight
+```caddy
+# expose WebUI and API
 woodpecker.example.com {
   reverse_proxy woodpecker-server:8000
 }
 
+# expose gRPC
 woodpeckeragent.example.com {
   reverse_proxy h2c://woodpecker-server:9000
 }