From 91186db1c3fa57ae5d20dd4fb8590cb70d008711 Mon Sep 17 00:00:00 2001
From: Eric Park
Date: Sat, 17 Aug 2024 11:32:29 -0400
Subject: [PATCH] fix(docker): use proper nginx config for layered reverse proxies (#562)

In case the setup utilizes multiple reverse proxies, the X-Forwarded-* headers will be mangled with the previous configuration. However, to trust the X-Forwarded-* headers, we need to trust that there will be an edge reverse proxy serving requests, and that the reverse proxy is correctly clearing and setting the X-Forwarded-* headers before propagating them down the stack.

With the configuration change, make a note about the potential security vulnerability with a possible unsupported setup, and the importance of passing verified X-Forwarded-* headers in the documentation.

Fixes #562
---
 docker/nginx/nginx.conf | 2 +-
 docs/sysadmin/Installation.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
index 1725fba7..9036b721 100644
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -28,7 +28,7 @@ server {
 proxy_pass http://shipper;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
 proxy_set_header Host $host;
 proxy_redirect off;
 }
diff --git a/docs/sysadmin/Installation.md b/docs/sysadmin/Installation.md
index 3d864fe4..8a153ae3 100644
--- a/docs/sysadmin/Installation.md
+++ b/docs/sysadmin/Installation.md
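Review bot: The new `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` line forwards the header exactly as received, so when it is absent (no edge proxy in front, or an edge proxy that does not set it) the backend receives an empty value instead of the scheme this nginx actually terminated, and whenever this listener is reachable directly the value is whatever the client chose to send. A `map` in the http context that accepts only `http`/`https` and otherwise falls back to `$scheme` keeps the layered-proxy behaviour the commit wants while closing both gaps; the trust assumption the commit message describes should also be stated next to the directive, e.g. `# X-Forwarded-Proto is trusted from the edge proxy; never expose this listener without one`. The `server` block this hunk belongs to starts outside the hunk, and the `map` has to live outside that block.
```nginx
# http context (outside the server block shown in this hunk)
map $http_x_forwarded_proto $forwarded_proto {
    default $scheme;
    https   https;
    http    http;
}

# … unchanged: server / location block up to proxy_pass …
    # X-Forwarded-Proto is trusted from the edge proxy; never expose this listener without one
    proxy_set_header X-Forwarded-Proto $forwarded_proto;
```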
@@ -6,7 +6,7 @@ shipper will run on any x86_64 platform, but for best results we recommend runni
 To install shipper, Docker and Docker Compose **must** be installed.
-A web server (such as Nginx or Apache) should also be installed so that requests to shipper can be reverse-proxied. Although not strictly required, we recommend using one if it is available.
+A web server (such as Nginx or Apache) should also be installed so that it may serve as a reverse proxy to shipper. This is **required** and should **not** be skipped. Failure to reverse proxy shipper can and will result in security issues, as the reverse proxy of the Docker Compose stack will trust all `X-Forwarded-*` headers sent by the edge reverse proxy.
 ## Clone the repository