Add SYMFONY_TRUSTED_PROXIES in example Docker files and Readme

tchapi · tchapi · commit d9c40860219d · 2025-09-14T18:00:44.000+02:00
diff --git a/README.md b/README.md
@@ -206,6 +206,13 @@ APP_TIMEZONE=Australia/Lord_Howe
 > ```
 > in your environment file if you wish to use the **actual default timezone of the server**, and not enforcing it. 
 
+**j. Trusting forwarded headers**
+
+If you're behind one or several proxies, the TLS termination might be upstream and the application might not be aware of the HTTPS context. In order for urls to be generated with the correct scheme, you should indicate that you trust the chain of proxies until the TLS termination one. You can use the Symfony mechanism for that (see [documentation](https://symfony.com/doc/7.2/deployment/proxies.html) for possible values):
+
+```shell
+SYMFONY_TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
+```
 
 #### Overriding the dotenv (`.env`) path
 
diff --git a/docker/.env b/docker/.env
@@ -54,3 +54,5 @@ MAIL_PORT=587
 MAIL_USERNAME=userdav
 MAIL_PASSWORD=test
 
+# Trust the proxy so that HTTPs context is forwarded
+SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
diff --git a/docker/docker-compose-postgresql.yml b/docker/docker-compose-postgresql.yml
@@ -40,6 +40,7 @@ services:
       - DATABASE_DRIVER=postgresql
       - DATABASE_URL=postgresql://${DB_USER}:${DB_PASSWORD}@postgresql:5432/${DB_DATABASE}?serverVersion=15&charset=UTF-8
       - MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
+      - SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
     depends_on:
       - postgresql
     volumes:
diff --git a/docker/docker-compose-sqlite.yml b/docker/docker-compose-sqlite.yml
@@ -30,6 +30,7 @@ services:
       - DATABASE_DRIVER=sqlite
       - DATABASE_URL=sqlite:////data/davis-database.db # ⚠️ 4 slashes for an absolute path ⚠️ + no quotes (so Symfony can resolve it)
       - MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
+      - SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
     volumes:
       - davis_www:/var/www/davis
       - davis_data:/data
diff --git a/docker/docker-compose-standalone.yml b/docker/docker-compose-standalone.yml
@@ -27,6 +27,7 @@ services:
       - DATABASE_DRIVER=mysql
       - DATABASE_URL=mysql://${DB_USER}:${DB_PASSWORD}@mysql:3306/${DB_DATABASE}?serverVersion=mariadb-10.6.10&charset=utf8mb4
       - MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
+      - SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
     depends_on:
       - mysql
     ports:
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -43,6 +43,7 @@ services:
       - DATABASE_DRIVER=mysql
       - DATABASE_URL=mysql://${DB_USER}:${DB_PASSWORD}@mysql:3306/${DB_DATABASE}?serverVersion=mariadb-10.6.10&charset=utf8mb4
       - MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
+      - SYMFONY_TRUSTED_PROXIES=REMOTE_ADDR
     depends_on:
       - mysql
     volumes:
