Reverse Proxy
Trusted Hosts
If the HumHub application is working behind a reverse proxy (especially an SSL terminator), the reverse proxy must be marked as trusted host.
The following headers are only accepted by a trusted host:
- X-Forwarded-For
- X-Forwarded-Host
- X-Forwarded-Proto
- Front-End-Https
- X-Rewrite-Url
The trusted host must be specified in the configuration file protected/config/web.php
.
Example configuration:
An array key is an IPv4 or IPv6 IP address in CIDR notation for matching a client.
An array value is a list of headers to trust. These will be matched against $secureHeaders to determine which headers are allowed to be sent by a specified host. The case of the header names must be the same as specified in $secureHeaders.
You can find more information in the Yii2 documentation: https://www.yiiframework.com/doc/api/2.0/yii-web-request#$trustedHosts-detail
Caching
If the proxy also acts as a cache, it is important that query parameters are taken into account.
When static files are modified (e.g. during an upgrade), HumHub automatically adds a new query parameter value (cache bust).
The following paths can be cached:
- /assets/*
- /themes/*
- /uploads/*
- /static/*
Example NGINX caching snippet (incomplete):