Skip to content

Commit

Permalink
Merge branch '2.1.x' into 2.2.x
Browse files Browse the repository at this point in the history
  • Loading branch information
bclozel committed Dec 19, 2019
2 parents b515d6b + 3e48e36 commit 9794373
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -786,13 +786,19 @@ For more details, see {jetty-docs}/configuring-jetty-request-logs.html[the Jetty


[[howto-use-behind-a-proxy-server]]
[[howto-use-tomcat-behind-a-proxy-server]]
=== Running Behind a Front-end Proxy Server
Your application might need to send `302` redirects or render content with absolute links back to itself.
When running behind a proxy, the caller wants a link to the proxy and not to the physical address of the machine hosting your app.
Typically, such situations are handled through a contract with the proxy, which adds headers to tell the back end how to construct links to itself.
If your application is running behind a proxy, a load-balancer or in the cloud, the request information (like the host, port, scheme...) might change along the way.
Your application may be running on `10.10.10.10:8080`, but HTTP clients should only see `example.org`.

If the proxy adds conventional `X-Forwarded-For` and `X-Forwarded-Proto` headers (most proxy servers do so), the absolute links should be rendered correctly, provided `server.forward-headers-strategy` is set to `NATIVE` or `FRAMEWORK` in your `application.properties`.
https://tools.ietf.org/html/rfc7239[RFC7239 "Forwarded Headers"] defines the `Forwarded` HTTP header; proxies can use this header to provide information about the original request.
You can configure your application to read those headers and automatically use that information when creating links and sending them to clients in HTTP 302 responses, JSON documents or HTML pages.
There are also non-standard headers, like `X-Forwarded-Host`, `X-Forwarded-Port`, `X-Forwarded-Proto`, `X-Forwarded-Ssl`, and `X-Forwarded-Prefix`.

If the proxy adds the commonly used `X-Forwarded-For` and `X-Forwarded-Proto` headers, setting `server.forward-headers-strategy` to `NATIVE` is enough to support those.
With this option, the Web servers themselves natively support this feature; you can check their specific documentation to learn about specific behavior.

If this is not enough, Spring Framework provides a {spring-framework-docs}web.html#filters-forwarded-headers[ForwardedHeaderFilter].
You can register it as a Servlet Filter in your application by setting `server.forward-headers-strategy` is set to `FRAMEWORK`.

NOTE: If your application runs in Cloud Foundry or Heroku, the configprop:server.forward-headers-strategy[] property defaults to `NATIVE`.
In all other instances, it defaults to `NONE`.
Expand Down

0 comments on commit 9794373

Please sign in to comment.