Reaching Hestia behind Proxies

Hello, I am trying to reach Hestia on my backend server (not only Hestia) behind Cloudflare and nginx proxies.

I would continue to use Hestia through the IP directly, but I can’t open phpMyAdmin and the fix for this from the documentation didn’t work for me.

Cloudflare is set to flexible SSL pointing to a proxy server which is pointing to another proxy server which is pointing to the Hestia server.

I didn’t manage to set up full SSL because I would need extra domains/subdomains for every proxy server.

proxy 1 configuration:

server {
    listen *:80;
    server_name example.com hcp.example.com www.example.com;
    client_max_body_size 100M;
    proxy_read_timeout 600s;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    location / {
        proxy_set_header CF-Connecting-IP $http_cf_connecting_ip;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://proxy-2-IP;
    }
}

proxy 2 configuration:

server {
    listen *:80;
    server_name example.com www.example.com;
    client_max_body_size 100M;
    proxy_read_timeout 600s;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    location / {
        proxy_set_header CF-Connecting-IP $http_cf_connecting_ip;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://backend-IP;
    }
}

server {
    listen *:80;
    server_name hcp.example.com;
    client_max_body_size 100M;
    proxy_read_timeout 600s;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    location / {
        proxy_set_header CF-Connecting-IP $http_cf_connecting_ip;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://backend-IP:8083;
    }
}

Welcome to the HestiaCP forum.

Please don’t do that. Not only is it insecure, it often creates redirect loops. Get your certs sorted and make a proper connection over TLS or consider using Cloudflare Tunnels.

That sounds beyond mad. I don’t expect that you will be able to get much support here with the triple-proxied monstrosity that you have cobbled together.

You may wait to see if someone else is willing to assist with your unconventional setup.

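As an illustration of the "proper connection over TLS" suggested in the reply, here is the proxy 1 hop rewritten to terminate TLS and to re-encrypt and verify the connection to proxy 2. This is an added example, not a configuration posted by anyone in the thread; the certificate paths and the internal CA are assumptions, and proxy-2-IP is the thread's own placeholder. It verifies the next hop against a certificate name rather than its IP, so the inner proxies do not each need a public subdomain.

```nginx
# Added example. Certificate paths and the internal CA are assumed placeholders.
# Proxy 1: terminate TLS from Cloudflare, then re-encrypt to proxy 2.
server {
    listen 443 ssl;
    server_name example.com hcp.example.com www.example.com;

    # Certificate presented to Cloudflare (placeholder paths).
    ssl_certificate     /etc/nginx/tls/example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/example.com.key;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # The thread's configs never pass the original scheme along.
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass https://proxy-2-IP;    # was http:// in the thread

        # Verify proxy 2's certificate against a name instead of its IP.
        # The certificate on proxy 2 (issued by the assumed internal CA)
        # must carry this name; no public DNS record per proxy is needed.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_name                example.com;
        proxy_ssl_server_name         on;
    }
}

# Plain HTTP is only redirected; nothing is proxied in cleartext.
server {
    listen 80;
    server_name example.com hcp.example.com www.example.com;
    return 301 https://$host$request_uri;
}
```

Cloudflare has to connect to this proxy over HTTPS (Full or Full (strict)) for this to work. If it is left on Flexible, every request arrives on port 80 and the redirect above produces the kind of loop the reply mentions.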