Tutorial: How to configure snipeit with reverse proxy using lighttpd

[mckaygerhard]

Hi, the documentation mentions that we should use apache2 or nginx in front. But nothing about lighttpd. I will try to provide people directions to property configure lighttps for reverse proxy.

Since 1.4.47 lighttpd adds severals features usefully to helps to made reverse proxy over mixed protocol. snipeit is build over laravel and its a headhache but can be manage to bypass such paranoic security, cos is that the culprit.

1 - set a soft light values on snipeit env

Laravel "impossible" way of snipeit as snipeit documentation recommends for proxy reverse, is based on the .env variable REFERRER_POLICY set a default to same-origin, that forces the same protocol as the documentation said https://developer.mozilla.org/es/docs/Web/Security/Same-origin_policy that is pretty undocumented on snipeit documentation basically

So for older lighttpd users this REFERRER_POLICY must be set to unsafe-url if you have so older version or the recommended origin-when-cross-origin for lighttpd up to 1.4.52+ that has features for reverse proxyes.

Then the value of APP_URL must be set to the public or http url access of the reverse proxy on lighttpd, not the url of the internal server machine.

2 - set the configuration of lighttpd

Lighttpd software now has the ability to configure headers better since 1.4.51+ so you must set the following parameters, the proxy.forwarded = ( "proto" => 1,"remote_user" => 1 ) and the proxy.header = ( "https-remap" => "enable" )

Then, set the direct address ip of the snipeit server on the proxy server of lighttp as proxy.server = ( "" => ("" => ( "host" => "ipaddresshere" ))).

NOTE If you have older version of lighttpd just add also the proxy.header = ( "https-remap" => "enable" ) in combination with the REFERRER_POLICY as unsafe-url so https/http protocols can be mixed.