X-Forwarded-Host

Enonic version: 6.12.2
OS: Windows :frowning:

Does Enonic XP support the X-Forwarded-Host header?
So that all url generators would use that rather than request.host?

In principle the header is supported and we use the value from the header as Host, if specified.
Have you tested it?
Is there anything not working as it should?

I have not tried it.

I want to use it to simplify the vhost config.
Instead of having one vhost mapping per “way to get there”.
I want to have one mapping per site.

A proxy will set a single common host header.
The vhost config will use that host name,
but Enonic url generators (on type absolute) will use the X-Forwarded-Host header so that urls returned to the client will be on the same host as they requested.

I guess X-Forwarded-Port also needs to be supported?

Letting the proxy rewrite all urls instead of letting Enonic generate “correct” ones, might not be safe?

Sounds a bit complicated. But I am curious if it works.
There is no X-Forwarded-Port, X-Forwarded-Host may include the port.

Hmm… Unsure what you want to achieve? Do you only want one vhost entry, but still have routing into different sites?

There will still be one mapping per site.

But not one per site times per way to reach that site.
A single site may have many public urls.

With 3 sites I currently have 90 mappings.
That’s madness to manage…

Maybe you could show an example of what such a config might look like? 30 mappings to a site sounds a bit like madness to me - does this mean the customer has 30 active domains? Why not redirect to the main domain using a rewrite rule in the webserver instead?

Even the admin has multiple “public” urls.

Which means these multiply quickly:

• /
• /admin Why does the / mapping not cover this one?
• /admin/rest Why does the admin mapping not cover this one?
• /api Why does the / mapping not cover this one?
• /status Why does the / mapping not cover this one?
• /service mapping to /_service which I consider covered by the / mapping

A best practice documentation example would be useful.

The reason there are so many “public” urls is people accessing the site from different networks.
Each network having different urls.

The vhosts are basically routers that send requests to a scoped url inside the server. Consider the following mapping (from the documentation):

mapping.admin.host = enonic.com
mapping.admin.source = /admin
mapping.admin.target = /admin

Any traffic to enonic.com/admin will now be forwarded to the internal XP server path :8080/admin - so a request to enonic.com/admin/whatever will go to 8080:/admin/whatever. So no reason for mapping admin/rest additionally.

If you create a single mapping like this:

mapping.everything.host = enonic.com
mapping.everything.source = /
mapping.everything.target = /

Then you will expose the entire server including administrative APIs, admin, and sites that may not be intended to be public etc.

NB! For future versions of XP we plan to move admin, status and api to other dedicated ports, leaving only the sites/apps part on port 8080.

As such, the reason why we have vhosts is to avoid launching new ports with underlying thread pools etc.

I guess on company internal networks, mapping / is not too bad, and would simplify the vhost file a lot.
Still not the best practice.

Yes, if you have an internal vhost like xp.internal you could expose everything through this, and just make sure this vhost is not routed in through your proxy for external users.
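
An added example, not part of any post in this thread and not Enonic code: a small audit that reads a vhost file in the `mapping.<name>.host/source/target` format quoted above and reports which mappings on non-internal hosts can reach `/admin`, `/api` or `/status`. The sample config, the `/portal/master/mysite` target and the function names are constructed for illustration.

```python
import re

SENSITIVE = ("/admin", "/api", "/status")  # internal paths named in the thread

# Constructed sample: the two mappings quoted in the thread, plus an assumed
# site mapping and the internal-only catch-all suggested in the last reply.
SAMPLE_CFG = """
mapping.everything.host = enonic.com
mapping.everything.source = /
mapping.everything.target = /
mapping.admin.host = enonic.com
mapping.admin.source = /admin
mapping.admin.target = /admin
mapping.site.host = enonic.com
mapping.site.source = /
mapping.site.target = /portal/master/mysite
mapping.internal.host = xp.internal
mapping.internal.source = /
mapping.internal.target = /
"""

LINE = re.compile(r"\s*mapping\.([^.\s]+)\.(host|source|target)\s*=\s*(\S+)\s*$")

def parse_mappings(text):
    """Group mapping.<name>.<key> = <value> lines by mapping name."""
    mappings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, key, value = m.groups()
            mappings.setdefault(name, {})[key] = value
    return mappings

def reaches(target, path):
    """True if requests routed under `target` can land on or below `path`."""
    t = target.rstrip("/")  # "/" becomes "", which is a prefix of every path
    return t == path or t.startswith(path + "/") or path.startswith(t + "/")

def audit(text, internal_hosts):
    """Return (mapping, host, exposed paths) for every non-internal host."""
    findings = []
    for name, m in sorted(parse_mappings(text).items()):
        if "target" not in m or m.get("host") in internal_hosts:
            continue
        exposed = [p for p in SENSITIVE if reaches(m["target"], p)]
        if exposed:
            findings.append((name, m["host"], exposed))
    return findings
```

Each finding is an exposure to confirm as intended, such as the documented `/admin` mapping, rather than an error in itself; hosts passed in `internal_hosts` are trusted only as long as the proxy really does not route them for external users.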