diff options
author | Paul Tötterman <ptman@users.noreply.github.com> | 2021-03-26 12:38:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-26 10:38:31 +0000 |
commit | d7d4232a2d8e1ca3c27ced3dc8b0dcda0a9e4c6f (patch) | |
tree | a366db2419a388c4ff4289b57fb05d5170c5b6fe | |
parent | Use interpreter from $PATH instead of absolute paths in various scripts using... (diff) | |
download | synapse-d7d4232a2d8e1ca3c27ced3dc8b0dcda0a9e4c6f.tar.xz |
Preserve host in example apache config (#9696)
Fixes redirect loop Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
Diffstat (limited to '')
-rw-r--r-- | UPGRADE.rst | 9 | ||||
-rw-r--r-- | docs/reverse_proxy.md | 7 |
2 files changed, 11 insertions, 5 deletions
diff --git a/UPGRADE.rst b/UPGRADE.rst index 8bc2ff91ab..ba488e1041 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -98,9 +98,12 @@ will log a warning on each received request. To avoid the warning, administrators using a reverse proxy should ensure that the reverse proxy sets `X-Forwarded-Proto` header to `https` or `http` to -indicate the protocol used by the client. See the `reverse proxy documentation -<docs/reverse_proxy.md>`_, where the example configurations have been updated to -show how to set this header. +indicate the protocol used by the client. + +Synapse also requires the `Host` header to be preserved. + +See the `reverse proxy documentation <docs/reverse_proxy.md>`_, where the +example configurations have been updated to show how to set these headers. (Users of `Caddy <https://caddyserver.com/>`_ are unaffected, since we believe it sets `X-Forwarded-Proto` by default.) diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md index 860afd5a04..cf1b835b9d 100644 --- a/docs/reverse_proxy.md +++ b/docs/reverse_proxy.md @@ -104,10 +104,11 @@ example.com:8448 { ``` <VirtualHost *:443> SSLEngine on - ServerName matrix.example.com; + ServerName matrix.example.com RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode + ProxyPreserveHost on ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon @@ -116,7 +117,7 @@ example.com:8448 { <VirtualHost *:8448> SSLEngine on - ServerName example.com; + ServerName example.com RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode @@ -135,6 +136,8 @@ example.com:8448 { </IfModule> ``` +**NOTE 3**: Missing `ProxyPreserveHost on` can lead to a redirect loop. + ### HAProxy ``` |