X-Forwarded-Proto header

Do I totally screwed or I read somewhere that we could add some headers to boringproxy?

How would I come to the solution with proxy_set_header X-Forwarded-Proto $scheme;?

I would be also very glad of a boring simple solution for that kind of situation like on Cloudflare services:

Make sure you have working SSL and HTTPS on Heroku (or wherever you’re serving your Rails application.) Turn Cloudflare SSL to Full mode. Problem solved.

Many thanks in advance for your advices

There’s no way to set custom headers in boringproxy. I could add it (or add X-Forwarded-Proto explicitly), but I’m not sure when I’d get to it. Can I ask what specifically you need the header for?

I already got for two projects (the first one, I abandoned it and can even remember it)

But most recently I tried to use InvoiceNinja on reverse proxy and snappdf refuse to render PDFs if this header is not present.

Is this a lot of work?

I went ahead and implemented it real quick. You’ll need to use the master builds though, which have quite a few other changes at this point:


Let me know if that works for you.

After digging into API config I could investigate more and listed the maximal required headers:

location ~* /api/ {
proxy_pass http://gunicorn;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Just for knowing, which one of those are already implemented?

Side note you are just AMAZING!!! Really!

Thank you so much for this quick fix you’re a Lord

1 Like

I appreciate the appreciation.

I believe boringproxy currently supports Host, X-Forwarded-For, and now X-Forwarded-Proto.

X-Real-IP is redundant with X-Forwarded-For and shouldn’t be required.

And it’s sincere! :wink:


I will make some tests to validate X-Real-IP redundancy to be sure

Due to a new stop of serving tunnels between clients and server I took time to update to the alpha master version.

Unfortunately I was not able to confirm that the proxy_set_header X-Forwarded-Proto $scheme; worked. Since I have always the http call at the end.

Maybe I have to use a new TLS Termination, since till then I used Server RAW TLS?


Thanks in advance

To be sure I tried them all with no luck.

But I still think that the X-Real-IP is needed when I look at network tool


Scheme is still not propagated, but it seems that IP also have to be forwarded

What do you mean?

After returning on the corresponding project impacted by this issue (my invoice manager), I have noticed that the schema propagation is now perfectly OK.

I guess there must have been some caching somewhere, but in any case everything is fixed and I confirm that the X-Real-IP header is redundant.

Thanks again

1 Like

Glad you got it working!