SpringBoot App redirects to http instead of https after OAuth-Login-Flow
obstkompost
PROOP

10 months ago

Hello everyone,

I have a Spring Boot app running behind a Caddy reverse proxy.

During the login flow, the Spring Boot app always stores an HTTP address as the redirect URI instead of an HTTPS address.

I suspect this is because the x-forwarded headers are not being interpreted correctly, which is why it is not using HTTPS.

From my point of view, Caddy is configured to forward the X-Forwarded headers:

    servers {
        trusted_proxies static private_ranges # trust railway's proxy
    }

See: https://caddyserver.com/docs/caddyfile/directives/reverse%5Fproxy#headers

I have also configured the Spring Boot app so that it should accept the X-Forwarded headers:

    server.forward-headers-strategy=framework
    server.tomcat.redirect-context-root=false

See: https://docs.spring.io/spring-boot/how-to/webserver.html#howto.webserver.use-behind-a-proxy-server

I have already tried many different variations:

Does anyone have any idea what the problem might be?

Solved

2 Replies

Railway
BOT

10 months ago

Hey there! We've found the following might help you get unblocked faster:

If you find the answer from one of these, please let us know by solving the thread!


Status changed to Solved obstkompost 10 months ago


obstkompost
PROOP

10 months ago

Found a solution:

In addition to the configurations described above in the Caddy file and in the Spring Boot config, the following must be added to the Caddy reverse proxy config:

    header_up Host {host}
    header_up X-Forwarded-Proto https
    header_up X-Forwarded-For {remote_host}
    header_up X-Forwarded-Host {host}
    header_up X-Forwarded-Port {http.request.port}

You probably don't need to set everything, but the X-Forwarded-Proto header is particularly important.


Status changed to Awaiting Railway Response Railway 10 months ago


Status changed to Solved obstkompost 10 months ago
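Why the forwarded scheme decides the OAuth redirect URI, as an added example that is not part of the thread and not Spring's or Caddy's code: a simplified Python model that rebuilds the external base URL and honours X-Forwarded-* only when the TCP peer is a trusted proxy. The trusted ranges, host names, the `github` registration id and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumption: the proxy reaches the app from private address space, in the
# spirit of the `private_ranges` shortcut in the Caddy config above.
TRUSTED_PROXIES = [ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_trusted(peer_ip):
    """True if the TCP peer is one of the proxies allowed to set X-Forwarded-*."""
    addr = ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def base_url(peer_ip, scheme, host, port, headers):
    """Rebuild the external base URL; forwarded headers count only from trusted peers."""
    h = {k.lower(): v.split(",")[0].strip() for k, v in headers.items()}
    if is_trusted(peer_ip):
        proto = h.get("x-forwarded-proto", "").lower()
        if proto in DEFAULT_PORTS:
            scheme, port = proto, DEFAULT_PORTS[proto]
        host = h.get("x-forwarded-host", host)
        fwd_port = h.get("x-forwarded-port", "")
        if fwd_port.isdigit():
            port = int(fwd_port)
    suffix = "" if port == DEFAULT_PORTS[scheme] else f":{port}"
    return f"{scheme}://{host}{suffix}"


def redirect_uri(registration_id, request):
    """Fill Spring Security's default {baseUrl}/login/oauth2/code/{registrationId} template."""
    return f"{base_url(**request)}/login/oauth2/code/{registration_id}"


# Constructed requests as the app sees them (TLS already terminated upstream).
via_proxy_no_proto = dict(peer_ip="10.0.0.5", scheme="http", host="app.example.com",
                          port=80, headers={})
via_proxy_with_proto = dict(via_proxy_no_proto, headers={"X-Forwarded-Proto": "https"})
direct_spoofed = dict(peer_ip="203.0.113.7", scheme="http", host="app.example.com", port=80,
                      headers={"X-Forwarded-Proto": "https",
                               "X-Forwarded-Host": "spoofed.example"})

if __name__ == "__main__":
    for name, req in [("proxy, no proto header", via_proxy_no_proto),
                      ("proxy, proto=https", via_proxy_with_proto),
                      ("direct, spoofed headers", direct_spoofed)]:
        print(f"{name:26} -> {redirect_uri('github', req)}")
```

The first case reproduces the symptom from the thread (an http redirect URI), the second shows the effect of `X-Forwarded-Proto https`, and the third shows why the application should be reachable only through the proxy when forwarded headers are honoured.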

