Support for Instances behind reverse-proxy
MrDrache333 opened this issue · 4 comments
Is your feature request related to a problem? Please describe.
For me it's not possible to connect to a portainer instance behind a reverse-proxy like Cloudflare. When I try to use my Domain like https://portainer.mydomain.de it will internally forward my request to the specific host and port like localhost:9001. This works well when you try to access the portainer instance on mobile devices or on a different network.
Describe the solution you'd like
I would like to see a solution to connect to instances behind a reverse-proxy. Additionally a separated debug mode to see possible detailed error messages when connecting would be nice because I only see "Unknown Error".
Another great feature would be to make it possible to add custom headers to the connection. For example external used tokes to authenticate to Cloudflare access or other firewall solutions to bypass them.
Additional Info
I can provide you with a test-portainer instance with reverse proxy to test on if you like to.
If you're able to, please email me the address to the Portainer instance - I'll see what's going wrong!
As to the custom headers - implementing this would complicate a lot of things, and I prefer to keep the app as easy-to-use as possible. I know that it's not the same thing, but you can match requests based on UA (i.e. Harbour/1 CFNetwork/1492.0.1 Darwin/23.3.0) and x-api-key (the Portainer token) :)
Just wanted to drop a note here to say that I have a similar issue on a different setup. I have my portainer at https://portainer.my.domain behind a Traefik reverse proxy on my server. Traefik handles the TLS connection and forwards requests to portainer's port 9000. I get the same unknown error on the app.
Update: Thanks to @kWeglinski comment below, I realized I had made a couple of mistakes with how I had set up Traefik with Portainer. I had also misconfigured the OAuth interface to Portainer, and while it worked on the web interfae, it was breaking the app. I now have it set up correctly and can access portainer from the app without any issues.
Chiming in with a note - I'm running on reverse proxy without any issue. Main difference is it's selfhosted node proxy manager, running over vpn with custom DNS server. Worked out of the box.
Standard settings for npm, portainer is running in http, npm slaps ssl on top.
I also use Traefik to access Portainer running as subdomain. I use Traefik Forward Auth to protect all instances with Google Authentication. I also use Cloudflare for DNS.
I am getting the same “unknown error”.
edit: I noticed in the configuration labels for Traefik that I only enabled /api/stacks/webhooks to be accesible without any authentication. When changing this to /api I noticed that Harbour started working.