Properly use x-forwarded-proto with redirects in the webui, related to #347

core/admin/mailu/__init__.py

@@ -12,6 +12,8 @@ import docker
 import socket
 import uuid
 
+from werkzeug.contrib import fixers
+
 # Create application
 app = flask.Flask(__name__)
 
@@ -113,9 +115,10 @@ class PrefixMiddleware(object):
         self.app = app
 
     def __call__(self, environ, start_response):
+        print(environ)
         prefix = environ.get('HTTP_X_FORWARDED_PREFIX', '')
         if prefix:
             environ['SCRIPT_NAME'] = prefix
         return self.app(environ, start_response)
 
-app.wsgi_app = PrefixMiddleware(app.wsgi_app)
+app.wsgi_app = PrefixMiddleware(fixers.ProxyFix(app.wsgi_app))

core/nginx/conf/nginx.conf

@@ -71,7 +71,7 @@ http {
       location {{ WEB_WEBMAIL }} {
         rewrite ^({{ WEB_WEBMAIL }})$ $1/ permanent;
         rewrite ^{{ WEB_WEBMAIL }}/(.*) /$1 break;
-        proxy_set_header Host $host;
+        include /etc/nginx/proxy.conf;
         proxy_pass http://$webmail;
       }
       {% endif %}
@@ -83,8 +83,8 @@ http {
 
       location ~ {{ WEB_ADMIN }}/(ui|static) {
         rewrite ^{{ WEB_ADMIN }}/(.*) /$1 break;
+        include /etc/nginx/proxy.conf;
         proxy_set_header X-Forwarded-Prefix {{ WEB_ADMIN }};
-        proxy_set_header Host $host;
         proxy_pass http://$admin;
       }
 
@@ -102,6 +102,7 @@ http {
         rewrite ^/webdav/(.*) /$1 break;
         auth_request /internal/auth/basic;
         auth_request_set $user $upstream_http_x_user;
+        include /etc/nginx/proxy.conf;
         proxy_set_header X-Remote-User $user;
         proxy_set_header X-Script-Name /webdav;
         proxy_pass http://$webdav;

core/nginx/conf/proxy.conf

@@ -0,0 +1,5 @@
+# Default proxy setup
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;

core/nginx/config.py

@@ -29,6 +29,7 @@ if args["TLS"] and not all(os.path.exists(file_path) for file_path in args["TLS"
 
 # Build final configuration paths
 convert("/conf/tls.conf", "/etc/nginx/tls.conf", args)
+convert("/conf/proxy.conf", "/etc/nginx/proxy.conf", args)
 convert("/conf/nginx.conf", "/etc/nginx/nginx.conf", args)
 if os.path.exists("/var/log/nginx.pid"):
     os.system("nginx -s reload")