gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-18 00:17:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
8c4bef27f0ff337571e21be052c8435fea952f2c
Pulse/docs/REVERSE_PROXY.md
rcourtman 8c4bef27f0 docs: improve reverse proxy HTTPS detection and Swarm troubleshooting 
- Add detailed HTTPS detection troubleshooting to REVERSE_PROXY.md
- Explain X-Forwarded-Proto header requirement for nginx/Caddy/Apache
- Add Docker Swarm troubleshooting section to UNIFIED_AGENT.md
- Document how to force Docker runtime if auto-detection fails

Based on customer feedback.
2026-01-07 18:23:48 +00:00

2.3 KiB
Raw Blame History

🔄 Reverse Proxy Setup

Pulse uses WebSockets for real-time updates. Your proxy MUST support WebSockets.

Quick Configs

Nginx

location / {
    proxy_pass http://localhost:7655;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    
    # Critical for WebSockets
    proxy_read_timeout 86400; # 24h
}

Caddy

pulse.example.com {
    reverse_proxy localhost:7655
}

Traefik (Docker Compose)

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.pulse.rule=Host(`pulse.example.com`)"
  - "traefik.http.services.pulse.loadbalancer.server.port=7655"

Apache

RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://localhost:7655/$1" [P,L]

ProxyPass / http://localhost:7655/
ProxyPassReverse / http://localhost:7655/

⚠️ Common Issues

"HTTPS: HTTP only" in Security Posture

If your reverse proxy terminates SSL but Pulse shows "HTTPS: HTTP only" in Settings → Security:

Cause: Pulse detects HTTPS in two ways:

  1. Direct TLS connection (req.TLS != nil)
  2. The X-Forwarded-Proto: https header

If your proxy terminates SSL but doesn't forward this header, Pulse sees plain HTTP.

Fix: Add the X-Forwarded-Proto header in your proxy config:

# Nginx
proxy_set_header X-Forwarded-Proto $scheme;

# Caddy (automatic, but explicit override if needed)
header_up X-Forwarded-Proto {scheme}

# Apache
RequestHeader set X-Forwarded-Proto "https"

Other Issues

  • "Connection Lost": WebSocket upgrade failed. Check Upgrade and Connection headers.
  • 502 Bad Gateway: Pulse is not running on port 7655.
  • CORS Errors: Do not add CORS headers in the proxy; Pulse handles them. Set Settings → System → Network → Allowed Origins or use ALLOWED_ORIGINS if needed.
  • OIDC redirects fail: Ensure X-Forwarded-Proto is set (see above).
  • Wrong client IPs: Set PULSE_TRUSTED_PROXY_CIDRS to your proxy IP/CIDR so X-Forwarded-For is trusted.