[Enhancement Request] Document Apache Reverse Proxy Settings #1513
Description
I've started using Heimdall with an Apache reverse proxy. I needed to search the web and even use ChatGPT to find the right settings, which don't seem to be documented in one place anywhere. I'm using the Docker image and the Apache r-proxy is running on the Docker host machine, with Heimdall Docker running on 10080 on that Docker host.
I was getting a problem where no CSS or scripts would load. These are the fixed settings that reverse-proxy Heimdall properly:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
# Automatic redirect to https, see https://wiki.apache.org/httpd/RedirectSSL
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
SSLEngine on
# Proxy to Heimdall
ProxyPass / http://127.0.0.1:10080/ retry=0 timeout=5
ProxyPassReverse / http://127.0.0.1:10080/
ProxyPreserveHost On
ProxyRequests Off
# Fix cookie & path issues
ProxyPassReverseCookieDomain 127.0.0.1 www.example.com
ProxyPassReverseCookiePath / /
# Critical: make Heimdall aware of HTTPS
RequestHeader set X-Forwarded-Proto "https"
# Optional security headers
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
Header always set Referrer-Policy strict-origin-when-cross-origin
# SSL certificate from Let's Encrypt
SSLCertificateFile /etc/ssl/_wildcard.example.com/cert.pem
SSLCertificateKeyFile /etc/ssl/_wildcard.example.com/privkey.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /etc/ssl/_wildcard.example.com/fullchain.pem
</VirtualHost>