From 05742d9f1c42ebba589020d012ce10079536c234 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias.brunner@vshn.ch>
Date: Fri, 28 Mar 2025 10:50:07 +0100
Subject: [PATCH] configure reverse proxy header for proper TLS

---
 docker/Caddyfile | 5 ++++-
 hub/settings.py  | 4 ++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/docker/Caddyfile b/docker/Caddyfile
index bfe1b1c..a18f16b 100644
--- a/docker/Caddyfile
+++ b/docker/Caddyfile
@@ -42,7 +42,10 @@
 
 	# Proxy all other requests to Gunicorn
 	handle {
-		reverse_proxy unix//app/run/gunicorn.sock
+		reverse_proxy unix//app/run/gunicorn.sock {
+			header_up X-Forwarded-Proto https
+			header_up X-Forwarded-Host {host}
+		}
 	}
 
 	# Basic compression for better performance
diff --git a/hub/settings.py b/hub/settings.py
index b61d8ed..b60fe96 100644
--- a/hub/settings.py
+++ b/hub/settings.py
@@ -55,6 +55,10 @@ CSRF_TRUSTED_ORIGINS = [f"https://{h}" for h in HTTPS_HOSTS] + [
 # Primary website URL
 WEBSITE_URL = env.str("WEBSITE_URL", default="https://servala.com")
 
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+USE_X_FORWARDED_HOST = True
+USE_X_FORWARDED_PORT = True
+
 # Application definition
 
 INSTALLED_APPS = [