Hi,
I am setting up Shinyproxy to run in a docker container, in front of a Nginx SSL reverse proxy itself running in a docker container.
The difficulty is that I cannot expose port 80 nor 443 on my host.
But I noticed that Shinyproxy seems to post the login form on the address http://host/login, no matter the proxy headers added by NGINX.
The rest of the app is functional. I found the issue only for login and logout.
After some research, I tried to add the command below in the yml file:
server:
use-forward-headers: true
I believe that it is the same issue as:
or
http://www.knowledgefolders.com/akc/servlet/DisplayServlet?url=DisplayNoteMPURL&reportId=1711&ownerUserId=satya
I wonder if this is a security concern because it would basically mean that the password is sent in clear text.
Am I right?
Thanks for your help,
Regards,
Ben