[Enhancement Request] Document Apache Reverse Proxy Settings #901

New issue

Closed

opened 2026-02-20 11:08:44 -05:00 by deekerman · 2 comments

deekerman commented 2026-02-20 11:08:44 -05:00

Owner

Copy link

Originally created by @tkedwards on GitHub (Oct 20, 2025).

I've started using Heimdall with an Apache reverse proxy. I needed to search the web and even use ChatGPT to find the right settings, which don't seem to be documented in one place anywhere. I'm using the Docker image and the Apache r-proxy is running on the Docker host machine, with Heimdall Docker running on 10080 on that Docker host.

I was getting a problem where no CSS or scripts would load. These are the fixed settings that reverse-proxy Heimdall properly:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com

    # Automatic redirect to https, see https://wiki.apache.org/httpd/RedirectSSL
    Redirect / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com

    SSLEngine on

    # Proxy to Heimdall
    ProxyPass / http://127.0.0.1:10080/ retry=0 timeout=5
    ProxyPassReverse / http://127.0.0.1:10080/

    ProxyPreserveHost On
    ProxyRequests Off

    # Fix cookie & path issues
    ProxyPassReverseCookieDomain 127.0.0.1 www.example.com
    ProxyPassReverseCookiePath / /

    # Critical: make Heimdall aware of HTTPS
    RequestHeader set X-Forwarded-Proto "https"

    # Optional security headers
    Header always set X-Frame-Options SAMEORIGIN
    Header always set X-Content-Type-Options nosniff
    Header always set Referrer-Policy strict-origin-when-cross-origin

    # SSL certificate from Let's Encrypt
    SSLCertificateFile  /etc/ssl/_wildcard.example.com/cert.pem
    SSLCertificateKeyFile /etc/ssl/_wildcard.example.com/privkey.pem

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    SSLCertificateChainFile /etc/ssl/_wildcard.example.com/fullchain.pem

</VirtualHost>

Originally created by @tkedwards on GitHub (Oct 20, 2025). I've started using Heimdall with an Apache reverse proxy. I needed to search the web and even use ChatGPT to find the right settings, which don't seem to be documented in one place anywhere. I'm using the Docker image and the Apache r-proxy is running on the Docker host machine, with Heimdall Docker running on 10080 on that Docker host. I was getting a problem where no CSS or scripts would load. These are the fixed settings that reverse-proxy Heimdall properly: ``` <VirtualHost *:80> ServerName example.com ServerAlias www.example.com # Automatic redirect to https, see https://wiki.apache.org/httpd/RedirectSSL Redirect / https://www.example.com/ </VirtualHost> <VirtualHost *:443> ServerName example.com ServerAlias www.example.com SSLEngine on # Proxy to Heimdall ProxyPass / http://127.0.0.1:10080/ retry=0 timeout=5 ProxyPassReverse / http://127.0.0.1:10080/ ProxyPreserveHost On ProxyRequests Off # Fix cookie & path issues ProxyPassReverseCookieDomain 127.0.0.1 www.example.com ProxyPassReverseCookiePath / / # Critical: make Heimdall aware of HTTPS RequestHeader set X-Forwarded-Proto "https" # Optional security headers Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff Header always set Referrer-Policy strict-origin-when-cross-origin # SSL certificate from Let's Encrypt SSLCertificateFile /etc/ssl/_wildcard.example.com/cert.pem SSLCertificateKeyFile /etc/ssl/_wildcard.example.com/privkey.pem # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. SSLCertificateChainFile /etc/ssl/_wildcard.example.com/fullchain.pem </VirtualHost> ```

deekerman 2026-02-20 11:08:44 -05:00

• closed this issue
• added the
  no-issue-activity
  closed-issue-activity
  labels

deekerman commented 2026-02-20 11:08:45 -05:00

Author

Owner

Copy link

@LinuxServer-CI commented on GitHub (Nov 19, 2025):

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

@LinuxServer-CI commented on GitHub (Nov 19, 2025): This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

deekerman commented 2026-02-20 11:08:46 -05:00

Author

Owner

Copy link

@LinuxServer-CI commented on GitHub (Feb 17, 2026):

This issue is locked due to inactivity

@LinuxServer-CI commented on GitHub (Feb 17, 2026): This issue is locked due to inactivity

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

2.x

bugfix/items_with_no_password

gh-pages

bugfix/allow_ico_images

bugfix/two_dots

feature/search_from_url

bugfix/search_category_tiles

feature/throttle_websitelookup

bugfix/missing_comma

revert-1288-2.x

bug/links_opening_in_new_tab_keep_focus

feature/update_npm_dependencies_and_use_mix

master

2.6.0

3.x

lv7-inertia

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.3

v2.6.2

v2.6.1

v2.6.0

V2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.15

v2.4.14

v2.4.13

v2.4.11

v2.4.12

v2.4.10

v2.4.9

v2.4.8

v2.4.7b

v2.4.7

v2.4.6

V2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.2

v2.3.1

v2.3.0

2.2.2

2.2.1

2.2.0

2.1.13

2.1.12

2.1.11

2.1.10

2.1.9

2.1.8

2.1.7

2.1.6

2.1.5

2.1.4

2.1.3

2.1.2

2.1.1

2.1.0

2.0.3

2.0.2

2.0.1

2.0.0

1.4.17

1.4.16

1.4.15

1.4.14

1.4.13

1.4.12

1.4.11

1.4.10

1.4.9

1.4.8

1.4.7

1.4.6

1.4.5

1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

Labels

Clear labels   

EnhancedApp

  

FoundationApp

  

FoundationApp

  

FoundationApp

  

bug

  

closed-issue-activity

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

no-issue-activity

  

question

  

research

  

research

  

stale

  

wontfix

No labels

EnhancedApp

FoundationApp

FoundationApp

FoundationApp

bug

closed-issue-activity

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

no-issue-activity

question

research

research

stale

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Heimdall#901

No description provided.