Open DaFlowah opened 3 years ago
Any update? I have same issue running flask and odoo behind NPM. I cant see client IP and others headers
Same here, got the same issue with another docker image running remotely.one. I'm also having additional issues with NPM not setting additional configuration under the custom config, wondering if this is an issue with the custom configuration in UI itself.
I've tried to also set additional header info as seen below but when I test for the CSP - these come back as fail from external testing on top of the Client IP and other headers
add_header Content-Security-Policy "upgrade-insecure-requests"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy no-referrer always; add_header X-Robots-Tag none; proxy_hide_header Upgrade; proxy_hide_header X-Powered-By; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
There's a warning about this right underneath the text box where you add these custom configs:
Please note, that any add_header or set_header directives added here will not be used by nginx. You will have to add a custom location '/' and add the header in the custom config there.
add a custom location '/' and add the header in the custom config :proxy_set_header Host $http_host;
web is 400 Bad Request
bash-5.1# pwd
/data/nginx/proxy_host
bash-5.1# cat 12.conf
# ------------------------------------------------------------
# xxx.xxx.xxx
# ------------------------------------------------------------
server {
set $forward_scheme http;
set $server "192.168.2.19";
set $port 8806;
listen 8080;
listen [::]:8080;
listen 4443 ssl http2;
listen [::]:4443 ssl http2;
server_name xxx.xxx.xxx;
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-3/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-3/privkey.pem;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
access_log /data/logs/proxy-host-12_access.log proxy;
error_log /data/logs/proxy-host-12_error.log warn;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://192.168.2.19:8806;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
I have walked the same road when I just noticed that a possible solution has been suggested in #1477.
Basically you have to edit /data/nginx/custom/server_proxy.conf
that is designed for such a changes.
I agree that UI management should be add here. As also that those settings are common for all proxies that you will create.
P.S. you do not need to set add_header X-Frame-Options "SAMEORIGIN";
this could be managed via Docker Envs.
Issue is now considered stale. If you want to keep it open, please comment :+1:
👍
:+1:
Describe the bug Hi, I need to override the
default proxy_set_header Host $host
toproxy_set_header Host $http_host
for a specific Proxy Host, since it's required by the app I'm trying to Proxy (more info here)To Reproduce Create a Proxy Host Go to Advanced and add
proxy_set_header Host $http_host;
The value is not applied and the application throws an error.Expected behavior I am expecting this value to be added.
Screenshots
Operating System
Additional context If on the host I edit
/etc/nginx/conf.d/include/proxy.conf
and change the default value, it works, but it's a temporary change.