It should be easy to serve the Axon Ivy Engine behind a reverse proxy server. But sometimes it causes some trouble. At this point, I want to outline which HTTP headers need to be configured correctly.
Host
To successfully integrate a reverse proxy with the Axon Ivy Engine you need to pass the host which the client itself initially requested so that the Axon Ivy Engine can generate correct URLs based on the request. Most reverse proxy servers provide a feature called preserveHostHeader
.
If X-Forwarded-Host
is set on the request, this will be used instead of the Host
header.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
X-Forwarded-Proto
For identifying the protocol (HTTP or HTTPS) that a client used to connect to your reverse proxy server. This is important otherwise the generated links or redirects are wrong. Mostly only needed to terminate SSL on the reverse proxy server.
There are reverse proxies out there that use their own homebrew HTTP Headers like Azure Application Proxy. In Axon Ivy Engine 11.3.0 and 10.0.20, you can configure the name of this header. Also, the value can be configured https
vs on
.
# Alternatives
X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Url-Scheme: https
# Microsoft
Front-End-Https: on
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
X-Forwarded-Port
This is used to represent the port number used by the client for the request. Only in charge when the HTTP Header of 'ForwardedProtocol' is also set on request. This is only needed if the port differs from the standard ports for HTTP (80) and HTTPS (443).
X-Forwarded-For
For identifying the originating IP address of a client connecting to the reverse proxy server. It should not affect
functionality, but you may be glad to have the correct IP address of your client in the logs.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
Forwarded
Currently, we don't support the official standard Forwarded
header. It seems not to be widely accepted. Call us if you think we should support it.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded