Add more information on Forward-XXX headers and subpath config for on-premise installations #9958
+34
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@WimJongeneel |
Robinfr
suggested changes
Aug 14, 2025
Comment on lines
26
to
34
| location /my/sub/path/ { | ||
| # Make the Mendix runtime aware of https, see documentation below for more information. | ||
| proxy_set_header X-Forwarded-Proto "https"; | ||
|
|
||
| # Required for Mendix DevTools to work. | ||
| proxy_http_version 1.1; | ||
|
|
||
| # Proxy the request to the Mendix runtime. | ||
| proxy_pass http://mendix-runtim:8080/; |
| {{% alert color="info" %}} | ||
| Routing based on a subpath is possible as of Studio Pro 10.3 (for details, see the [ApplicationRootUrl](/refguide/custom-settings/#applicationrooturl-section) section of the *Runtime Customization* page), although it is not supported in Mendix Cloud. For versions below 10.3, it is not possible to use a path to your app. Your app should always be at the root of your subdomain. In other words, it should be at a location like this: `https://subdomain.domain/`. | ||
|
|
||
| If you want to deploy several apps on the same domain, use different subdomains to identify the app. For example, use `https://appA.apps.mydomain.com/`, not `https://mydomain.com/apps/appA`. | ||
| {{% /alert %}} | ||
|
|
||
| ## Secure cookies for on-premise applications | ||
|
|
||
| The Mendix runtime sets cookies with the `secure` attribute when the application is served over `https` However, in a scenario where the Mendix runtime is served from behind a loadbalancer using `http` for the internal communication, the Mendix runtime needs to be made aware that it is served over `https` to the end-users. This can be done by setting the [ApplicationRootUrl](/refguide/custom-settings/#applicationrooturl-section) Runtime setting to a `https://` link, or by setting the `X-Forwarded-Proto` or `X-Forwarded-Schema` header to `https` in the loadbalancer. |
There was a problem hiding this comment.
Missing period after https.
| # Location block for the subpath `/my/sub/path`. | ||
| location /my/sub/path/ { | ||
| # Make the Mendix runtime aware of https, see documentation below for more information. | ||
| proxy_set_header X-Forwarded-Proto "https"; |
There was a problem hiding this comment.
Should the others also be added here for completeness?
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
There was a problem hiding this comment.
I've added the other headers we use (not exactly those however)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Needs R&D verification.
Not connected to a specific release