Fix login redirect behind reverse proxy
This commit is contained in:
Michael Kuron
@@ -9,6 +9,10 @@ map $http_x_forwarded_port $maybe_real_port {
|
|||||||
default $http_x_forwarded_port;
|
default $http_x_forwarded_port;
|
||||||
'' $server_port;
|
'' $server_port;
|
||||||
}
|
}
|
||||||
|
map $http_x_forwarded_host $maybe_real_host {
|
||||||
|
default $http_x_forwarded_host;
|
||||||
|
'' $host:$real_port;
|
||||||
|
}
|
||||||
map $realip_remote_addr $real_scheme {
|
map $realip_remote_addr $real_scheme {
|
||||||
default $scheme;
|
default $scheme;
|
||||||
172.22.1.1 $maybe_real_scheme;
|
172.22.1.1 $maybe_real_scheme;
|
||||||
@@ -17,6 +21,10 @@ map $realip_remote_addr $real_port {
|
|||||||
default $server_port;
|
default $server_port;
|
||||||
172.22.1.1 $maybe_real_port;
|
172.22.1.1 $maybe_real_port;
|
||||||
}
|
}
|
||||||
|
map $realip_remote_addr $real_host {
|
||||||
|
default $scheme;
|
||||||
|
172.22.1.1 $maybe_real_host;
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
include /etc/nginx/conf.d/listen_ssl.active;
|
include /etc/nginx/conf.d/listen_ssl.active;
|
||||||
@@ -53,7 +61,7 @@ server {
|
|||||||
real_ip_recursive on;
|
real_ip_recursive on;
|
||||||
|
|
||||||
location = /principals/ {
|
location = /principals/ {
|
||||||
rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
|
rewrite ^ $real_scheme://$real_host/SOGo/dav;
|
||||||
allow all;
|
allow all;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -119,7 +127,7 @@ server {
|
|||||||
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
||||||
proxy_set_header x-webobjects-remote-host $remote_addr;
|
proxy_set_header x-webobjects-remote-host $remote_addr;
|
||||||
proxy_set_header x-webobjects-server-name $server_name;
|
proxy_set_header x-webobjects-server-name $server_name;
|
||||||
proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
|
proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
|
||||||
proxy_set_header x-webobjects-server-port $real_port;
|
proxy_set_header x-webobjects-server-port $real_port;
|
||||||
client_body_buffer_size 128k;
|
client_body_buffer_size 128k;
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
@@ -133,7 +141,7 @@ server {
|
|||||||
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
||||||
proxy_set_header x-webobjects-remote-host $remote_addr;
|
proxy_set_header x-webobjects-remote-host $remote_addr;
|
||||||
proxy_set_header x-webobjects-server-name $server_name;
|
proxy_set_header x-webobjects-server-name $server_name;
|
||||||
proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
|
proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
|
||||||
proxy_set_header x-webobjects-server-port $real_port;
|
proxy_set_header x-webobjects-server-port $real_port;
|
||||||
client_body_buffer_size 128k;
|
client_body_buffer_size 128k;
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
@@ -206,7 +214,7 @@ server {
|
|||||||
real_ip_recursive on;
|
real_ip_recursive on;
|
||||||
|
|
||||||
location = /principals/ {
|
location = /principals/ {
|
||||||
rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
|
rewrite ^ $real_scheme://$real_host/SOGo/dav;
|
||||||
allow all;
|
allow all;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -272,7 +280,7 @@ server {
|
|||||||
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
||||||
proxy_set_header x-webobjects-remote-host $remote_addr;
|
proxy_set_header x-webobjects-remote-host $remote_addr;
|
||||||
proxy_set_header x-webobjects-server-name $server_name;
|
proxy_set_header x-webobjects-server-name $server_name;
|
||||||
proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
|
proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
|
||||||
proxy_set_header x-webobjects-server-port $real_port;
|
proxy_set_header x-webobjects-server-port $real_port;
|
||||||
client_body_buffer_size 128k;
|
client_body_buffer_size 128k;
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
@@ -286,7 +294,7 @@ server {
|
|||||||
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
||||||
proxy_set_header x-webobjects-remote-host $remote_addr;
|
proxy_set_header x-webobjects-remote-host $remote_addr;
|
||||||
proxy_set_header x-webobjects-server-name $server_name;
|
proxy_set_header x-webobjects-server-name $server_name;
|
||||||
proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
|
proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
|
||||||
proxy_set_header x-webobjects-server-port $real_port;
|
proxy_set_header x-webobjects-server-port $real_port;
|
||||||
client_body_buffer_size 128k;
|
client_body_buffer_size 128k;
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
|
|||||||
@@ -101,8 +101,8 @@ Recreate affected containers by running `docker-compose up -d`.
|
|||||||
[...]
|
[...]
|
||||||
# You should proxy to a plain HTTP session to offload SSL processing
|
# You should proxy to a plain HTTP session to offload SSL processing
|
||||||
ProxyPass / http://127.0.0.1:8080/
|
ProxyPass / http://127.0.0.1:8080/
|
||||||
ProxyPassReverse / http://127.0.0.1:8080/
|
|
||||||
ProxyPreserveHost Off
|
ProxyPreserveHost Off
|
||||||
|
RequestHeader set X-Forwarded-Host "mail.example.org"
|
||||||
RequestHeader set X-Forwarded-Proto "https"
|
RequestHeader set X-Forwarded-Proto "https"
|
||||||
RequestHeader set X-Forwarded-Port "443"
|
RequestHeader set X-Forwarded-Port "443"
|
||||||
your-ssl-configuration-here
|
your-ssl-configuration-here
|
||||||
@@ -131,6 +131,7 @@ server {
|
|||||||
proxy_pass http://127.0.0.1:8080/;
|
proxy_pass http://127.0.0.1:8080/;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-Port $server_port;
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
}
|
}
|
||||||
@@ -146,6 +147,7 @@ frontend https-in
|
|||||||
|
|
||||||
backend mailcow
|
backend mailcow
|
||||||
option forwardfor
|
option forwardfor
|
||||||
|
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
|
||||||
http-request set-header X-Forwarded-Proto https
|
http-request set-header X-Forwarded-Proto https
|
||||||
http-request set-header X-Forwarded-Port %[dst_port]
|
http-request set-header X-Forwarded-Port %[dst_port]
|
||||||
server mailcow 127.0.0.1:8080 check
|
server mailcow 127.0.0.1:8080 check
|
||||||
|
|||||||
Reference in New Issue
Block a user