From 55ad1a3d5c35603d89cb0b13b2bad3e51b8998bc Mon Sep 17 00:00:00 2001 From: Michael Kuron Date: Fri, 21 Apr 2017 18:15:28 +0200 Subject: [PATCH] Fix X-Forwarded-Host behind Apache reverse proxy --- docs/first_steps.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/first_steps.md b/docs/first_steps.md index b64e5618..509e0e78 100644 --- a/docs/first_steps.md +++ b/docs/first_steps.md @@ -102,9 +102,14 @@ Recreate affected containers by running `docker-compose up -d`. # You should proxy to a plain HTTP session to offload SSL processing ProxyPass / http://127.0.0.1:8080/ ProxyPreserveHost Off - RequestHeader set X-Forwarded-Host "mail.example.org" - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" + ProxyAddHeaders Off + RewriteEngine on + RewriteRule ^(.*) - [E=HOST_HEADER:%{HTTP_HOST},E=CLIENT_IP:%{REMOTE_ADDR},E=PORT_NUMBER:%{SERVER_PORT},L] + RequestHeader append X-Forwarded-For "%{CLIENT_IP}e" + RequestHeader set X-Forwarded-Host "%{HOST_HEADER}e" + RequestHeader set X-Forwarded-Proto "https" env=HTTPS + RequestHeader set X-Forwarded-Proto "http" env=!HTTPS + RequestHeader set X-Forwarded-Port "%{PORT_NUMBER}e" your-ssl-configuration-here [...] @@ -148,7 +153,8 @@ frontend https-in backend mailcow option forwardfor http-request set-header X-Forwarded-Host %[req.hdr(Host)] - http-request set-header X-Forwarded-Proto https + http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] server mailcow 127.0.0.1:8080 check ```
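Review bot: In the Apache hunk, the new `RequestHeader set X-Forwarded-Host "%{HOST_HEADER}e"` forwards whatever Host header the client sent (captured from `%{HTTP_HOST}`), where the removed line pinned it to "mail.example.org". If this virtual host also serves as the default or catch-all for the port, a backend that builds links or redirects from X-Forwarded-Host would be working from an unvalidated name. The example should carry a comment such as `# X-Forwarded-Host mirrors the request's Host header; use this only in a vhost restricted to your own ServerName/ServerAlias names`. Likewise, `RequestHeader append X-Forwarded-For "%{CLIENT_IP}e"` keeps any X-Forwarded-For value already present in the request, so where Apache is the first trusted hop `RequestHeader set X-Forwarded-For "%{CLIENT_IP}e"` is the safer form. The enclosing VirtualHost block starts outside this hunk, so whether it is already name-restricted cannot be confirmed from here.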