Proxies & Password Pusher
When hosting Password Pusher with a proxy, you can take advantage of the proxy’s features to enhance security, scalability, and performance. A proxy is often used to act as an SSL termination endpoint as well.
Required Proxy Headers
An occasional issue is that when using Password Pusher behind a proxy, the generated secret URLs are incorrect. They often have the backend URL & port instead of the public fully qualified URL - or use HTTP instead of HTTPS (or all of the preceding).
To resolve this, make sure your proxy properly forwards the X-Forwarded-Host
, X-Forwarded-Port
and X-Forwarded-Proto
headers.
The values in these headers represent the front end request. When these headers are sent, Password Pusher can then build the correct URLs.
Nginx Example
As an example, for nginx, the addition could be:
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
Alternative Option
If you are unable to have these headers passed to the application for any reason, you could instead force an override of the base URL using the PWP__OVERRIDE_BASE_URL
environment variable.
Environment Variable | Description | Example Value |
---|---|---|
PWP__OVERRIDE_BASE_URL | Set this value (without a trailing slash) to force the base URL of generated links. | ‘https://subdomain.domain.dev’ |