mirror of
https://github.com/qbittorrent/qBittorrent.git
synced 2024-10-22 02:36:15 +03:00
Use the proper variable $http_host
for X-Forwarded-Host header and remove unnecessary setting for Host header
parent
94e292ba35
commit
8e9220b37a
1 changed files with 11 additions and 4 deletions
|
@ -1,15 +1,22 @@
|
|||
If you're using NGINX as a reverse proxy for Web UI, as of version 4.0.3, assuming your reverse proxy is local, your `location /qbt/` should have the following settings:
|
||||
If you're using NGINX as a reverse proxy for Web UI, assuming your reverse proxy is local, your `location /qbt/` should have the following settings:
|
||||
|
||||
```nginx
|
||||
location /qbt/ {
|
||||
proxy_pass http://127.0.0.1:8080/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-Host $server_name:$server_port;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
|
||||
# The following directives effectively nullify Cross-site request forgery (CSRF)
|
||||
# protection mechanism in qBittorrent, only use them when you encountered connection problems.
|
||||
# You should consider disable "Enable Cross-site request forgery (CSRF) protection"
|
||||
# setting in qBittorrent instead of using these directives to tamper the headers.
|
||||
# The setting is located under "Options -> WebUI tab" in qBittorrent since v4.1.2.
|
||||
proxy_hide_header Referer;
|
||||
proxy_hide_header Origin;
|
||||
proxy_set_header Referer '';
|
||||
proxy_set_header Origin '';
|
||||
# proxy_set_header Host 127.0.0.1:8080; # if you use the "enable host header validation" setting with 127.0.0.1 in the "server domains" text box
|
||||
# add_header X-Frame-Options "SAMEORIGIN"; # not needed since 4.1.0
|
||||
|
||||
# Not needed since qBittorrent v4.1.0
|
||||
#add_header X-Frame-Options "SAMEORIGIN";
|
||||
}
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue