Merge branch '2.2.x'

Closes gh-19404

Merge branch '2.2.x'
Closes gh-19404
1e117c70 · Brian Clozel · dabb9b89 · 97943739 · 1e117c70
Commit 1e117c70 authored Dec 19, 2019 by Brian Clozel
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 5 deletions

howto.adoc ...oot-project/spring-boot-docs/src/main/asciidoc/howto.adoc +11 -5

No files found.
--- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc
+++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc
@@ -786,13 +786,19 @@ For more details, see {jetty-docs}/configuring-jetty-request-logs.html[the Jetty


 [[howto-use-behind-a-proxy-server]]
-[[howto-use-tomcat-behind-a-proxy-server]]
 === Running Behind a Front-end Proxy Server
-Your application might need to send `302` redirects or render content with absolute links back to itself.
-When running behind a proxy, the caller wants a link to the proxy and not to the physical address of the machine hosting your app.
-Typically, such situations are handled through a contract with the proxy, which adds headers to tell the back end how to construct links to itself.
+If your application is running behind a proxy, a load-balancer or in the cloud, the request information (like the host, port, scheme...) might change along the way.
+Your application may be running on `10.10.10.10:8080`, but HTTP clients should only see `example.org`.

-If the proxy adds conventional `X-Forwarded-For` and `X-Forwarded-Proto` headers (most proxy servers do so), the absolute links should be rendered correctly, provided `server.forward-headers-strategy` is set to `NATIVE` or `FRAMEWORK` in your `application.properties`.
+https://tools.ietf.org/html/rfc7239[RFC7239 "Forwarded Headers"] defines the `Forwarded` HTTP header; proxies can use this header to provide information about the original request.
+You can configure your application to read those headers and automatically use that information when creating links and sending them to clients in HTTP 302 responses, JSON documents or HTML pages.
+There are also non-standard headers, like `X-Forwarded-Host`, `X-Forwarded-Port`, `X-Forwarded-Proto`, `X-Forwarded-Ssl`, and `X-Forwarded-Prefix`.
+
+If the proxy adds the commonly used `X-Forwarded-For` and `X-Forwarded-Proto` headers, setting `server.forward-headers-strategy` to `NATIVE` is enough to support those.
+With this option, the Web servers themselves natively support this feature; you can check their specific documentation to learn about specific behavior.
+
+If this is not enough, Spring Framework provides a {spring-framework-docs}web.html#filters-forwarded-headers[ForwardedHeaderFilter].
+You can register it as a Servlet Filter in your application by setting `server.forward-headers-strategy` is set to `FRAMEWORK`.

 NOTE: If your application runs in Cloud Foundry or Heroku, the configprop:server.forward-headers-strategy[] property defaults to `NATIVE`.
 In all other instances, it defaults to `NONE`.