diff options
Diffstat (limited to '')
-rw-r--r-- | UPGRADE.rst | 9 | ||||
-rw-r--r-- | docs/reverse_proxy.md | 7 |
2 files changed, 11 insertions, 5 deletions
diff --git a/UPGRADE.rst b/UPGRADE.rst index 8bc2ff91ab..ba488e1041 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -98,9 +98,12 @@ will log a warning on each received request. To avoid the warning, administrators using a reverse proxy should ensure that the reverse proxy sets `X-Forwarded-Proto` header to `https` or `http` to -indicate the protocol used by the client. See the `reverse proxy documentation -<docs/reverse_proxy.md>`_, where the example configurations have been updated to -show how to set this header. +indicate the protocol used by the client. + +Synapse also requires the `Host` header to be preserved. + +See the `reverse proxy documentation <docs/reverse_proxy.md>`_, where the +example configurations have been updated to show how to set these headers. (Users of `Caddy <https://caddyserver.com/>`_ are unaffected, since we believe it sets `X-Forwarded-Proto` by default.) diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md index 860afd5a04..cf1b835b9d 100644 --- a/docs/reverse_proxy.md +++ b/docs/reverse_proxy.md @@ -104,10 +104,11 @@ example.com:8448 { ``` <VirtualHost *:443> SSLEngine on - ServerName matrix.example.com; + ServerName matrix.example.com RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode + ProxyPreserveHost on ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon @@ -116,7 +117,7 @@ example.com:8448 { <VirtualHost *:8448> SSLEngine on - ServerName example.com; + ServerName example.com RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode @@ -135,6 +136,8 @@ example.com:8448 { </IfModule> ``` +**NOTE 3**: Missing `ProxyPreserveHost on` can lead to a redirect loop. + ### HAProxy ``` |