Fix X-Forwarded-Host behind Apache reverse proxy

This commit is contained in:
Michael Kuron 2017-04-21 18:15:28 +02:00
parent d350c009b9
commit 55ad1a3d5c

View File

@ -102,9 +102,14 @@ Recreate affected containers by running `docker-compose up -d`.
# You should proxy to a plain HTTP session to offload SSL processing # You should proxy to a plain HTTP session to offload SSL processing
ProxyPass / http://127.0.0.1:8080/ ProxyPass / http://127.0.0.1:8080/
ProxyPreserveHost Off ProxyPreserveHost Off
RequestHeader set X-Forwarded-Host "mail.example.org" ProxyAddHeaders Off
RequestHeader set X-Forwarded-Proto "https" RewriteEngine on
RequestHeader set X-Forwarded-Port "443" RewriteRule ^(.*) - [E=HOST_HEADER:%{HTTP_HOST},E=CLIENT_IP:%{REMOTE_ADDR},E=PORT_NUMBER:%{SERVER_PORT},L]
RequestHeader append X-Forwarded-For "%{CLIENT_IP}e"
RequestHeader set X-Forwarded-Host "%{HOST_HEADER}e"
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
RequestHeader set X-Forwarded-Proto "http" env=!HTTPS
RequestHeader set X-Forwarded-Port "%{PORT_NUMBER}e"
your-ssl-configuration-here your-ssl-configuration-here
[...] [...]
@ -148,7 +153,8 @@ frontend https-in
backend mailcow backend mailcow
option forwardfor option forwardfor
http-request set-header X-Forwarded-Host %[req.hdr(Host)] http-request set-header X-Forwarded-Host %[req.hdr(Host)]
http-request set-header X-Forwarded-Proto https http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-Port %[dst_port]
server mailcow 127.0.0.1:8080 check server mailcow 127.0.0.1:8080 check
``` ```