Open guedressel opened 2 years ago
One task could be to interpret the common "Forwarded" headers as added by various proxy systems to the HTTP requests:
Reads: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
Another one could be to only allow such "Forwarded" headers from trusted sources (read: client addresses). This seems to be a comprehensive write-up of this topic: https://symfony.com/doc/current/deployment/proxies.html
Solution found:
Configuring the nginx proxy to always send the public host to YunoHost seems to please SSOwat (and maybe other components too).
@guedressel can you share a screenshot of your proxy settings to illustrate the doc? (you can obviously anonymize your domains and other personal info)
To me it is not clear why YunoHost doesn't currently "support" being behind a reverse proxy... As discussed in https://forum.yunohost.org/t/yunohost-behind-a-reverse-proxy/6378, it's possible to configure Nginx or apparently Caddy to forward to a YunoHost server.
I guess it could be improved by:
Related PR : https://github.com/YunoHost/yunohost/pull/1697
For reasons of security, monitoring, plain lack of IPv4 addresses or others, it would be beneficial to have some official support to run a YunoHost installation behind an HTTP proxy.
Not only would some documentation be helpful, but support for "X-Forwarded-For" headers and reverse-proxy IP detection may also be nice. There might also be other problems, and maybe even dragons, waiting after having managed to do an initial setup as I just did. One example is #2038
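
The trusted-source check raised in this thread (honour "Forwarded" / "X-Forwarded-For" only when the request arrives from a known proxy address), as an added example that is not part of the issue or of YunoHost's code. The `TRUSTED_PROXIES` list, the function names and every address are constructed assumptions.

```python
import ipaddress

# Assumption: addresses of the reverse proxies in front of the server (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.0.0.0/8")]

def is_trusted(addr):
    """True only for a syntactically valid IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def forwarded_for(value):
    """Return the for= node addresses of a Forwarded header, left to right."""
    hops = []
    for element in value.split(","):
        for pair in element.split(";"):
            name, _, val = pair.strip().partition("=")
            if name.strip().lower() != "for":
                continue
            val = val.strip().strip('"')
            if val.startswith("["):              # "[2001:db8::17]:4711"
                val = val[1:].partition("]")[0]
            elif val.count(":") == 1:            # "192.0.2.1:4711"
                val = val.split(":")[0]
            hops.append(val)
    return hops

def client_ip(peer, headers):
    """Resolve the client address for logs, rate limits and access rules.

    peer is the TCP source address; headers is a dict with canonical names.
    """
    if not is_trusted(peer):
        return peer  # direct connection: forwarding headers are client-supplied
    if "Forwarded" in headers:
        hops = forwarded_for(headers["Forwarded"])
    else:
        xff = headers.get("X-Forwarded-For", "")
        hops = [h.strip() for h in xff.split(",") if h.strip()]
    client = peer
    # The rightmost entry was added by the nearest proxy; walk back until the
    # first address that is not one of our proxies. Anything left of it is unverified.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # obfuscated or malformed node: keep the last verified address
        client = hop
        if not is_trusted(hop):
            break
    return client
```

Entries to the left of the first untrusted address are never used, so a value the client injects into the header cannot replace the address the proxy itself recorded.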