2025-04-10 15:52:02 -06:00
|
|
|
|
<!DOCTYPE html>
|
|
|
|
|
|
|
|
|
|
|
|
<html lang="en" data-content_root="../">
|
|
|
|
|
|
<head>
|
|
|
|
|
|
<meta charset="utf-8" />
|
|
|
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
|
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
|
|
|
|
<title>Tell Flask it is Behind a Proxy — Flask Documentation (3.2.x)</title>
|
|
|
|
|
|
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=6625fa76" />
|
|
|
|
|
|
<link rel="stylesheet" type="text/css" href="../_static/flask.css?v=b87c8d14" />
|
|
|
|
|
|
<script src="../_static/documentation_options.js?v=56528222"></script>
|
|
|
|
|
|
<script src="../_static/doctools.js?v=9bcbadda"></script>
|
|
|
|
|
|
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
|
|
|
|
|
|
<script data-project="flask" data-version="3.2.x" src="../_static/describe_version.js?v=fa7f30d0"></script>
|
|
|
|
|
|
<link rel="icon" href="../_static/shortcut-icon.png"/>
|
|
|
|
|
|
<link rel="index" title="Index" href="../genindex.html" />
|
|
|
|
|
|
<link rel="search" title="Search" href="../search.html" />
|
|
|
|
|
|
<link rel="next" title="nginx" href="nginx.html" />
|
2025-04-10 22:13:49 +00:00
|
|
|
|
<link rel="prev" title="ASGI" href="asgi.html" />
|
2025-04-10 15:52:02 -06:00
|
|
|
|
</head><body>
|
|
|
|
|
|
<div class="related" role="navigation" aria-label="Related">
|
|
|
|
|
|
<h3>Navigation</h3>
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li class="right" style="margin-right: 10px">
|
|
|
|
|
|
<a href="../genindex.html" title="General Index"
|
|
|
|
|
|
accesskey="I">index</a></li>
|
|
|
|
|
|
<li class="right" >
|
|
|
|
|
|
<a href="../py-modindex.html" title="Python Module Index"
|
|
|
|
|
|
>modules</a> |</li>
|
|
|
|
|
|
<li class="right" >
|
|
|
|
|
|
<a href="nginx.html" title="nginx"
|
|
|
|
|
|
accesskey="N">next</a> |</li>
|
|
|
|
|
|
<li class="right" >
|
|
|
|
|
|
<a href="asgi.html" title="ASGI"
|
|
|
|
|
|
accesskey="P">previous</a> |</li>
|
|
|
|
|
|
<li class="nav-item nav-item-0"><a href="../index.html">Flask Documentation (3.2.x)</a> »</li>
|
|
|
|
|
|
<li class="nav-item nav-item-1"><a href="index.html" accesskey="U">Deploying to Production</a> »</li>
|
2025-04-10 22:13:49 +00:00
|
|
|
|
<li class="nav-item nav-item-this"><a href="">Tell Flask it is Behind a Proxy</a></li>
|
2025-04-10 15:52:02 -06:00
|
|
|
|
</ul>
|
2025-04-10 22:13:49 +00:00
|
|
|
|
</div>
|
2025-04-10 15:52:02 -06:00
|
|
|
|
|
|
|
|
|
|
<div class="document">
|
|
|
|
|
|
<div class="documentwrapper">
|
|
|
|
|
|
<div class="bodywrapper">
|
|
|
|
|
|
<div class="body" role="main">
|
2025-04-10 22:13:49 +00:00
|
|
|
|
|
2025-04-10 15:52:02 -06:00
|
|
|
|
<section id="tell-flask-it-is-behind-a-proxy">
|
|
|
|
|
|
<h1>Tell Flask it is Behind a Proxy<a class="headerlink" href="#tell-flask-it-is-behind-a-proxy" title="Link to this heading">¶</a></h1>
|
|
|
|
|
|
<p>When using a reverse proxy, or many Python hosting platforms, the proxy
|
|
|
|
|
|
will intercept and forward all external requests to the local WSGI
|
|
|
|
|
|
server.</p>
|
|
|
|
|
|
<p>From the WSGI server and Flask application’s perspectives, requests are
|
|
|
|
|
|
now coming from the HTTP server to the local address, rather than from
|
|
|
|
|
|
the remote address to the external server address.</p>
|
|
|
|
|
|
<p>HTTP servers should set <code class="docutils literal notranslate"><span class="pre">X-Forwarded-</span></code> headers to pass on the real
|
|
|
|
|
|
values to the application. The application can then be told to trust and
|
|
|
|
|
|
use those values by wrapping it with the
|
|
|
|
|
|
<a class="reference external" href="https://werkzeug.palletsprojects.com/en/stable/middleware/proxy_fix/" title="(in Werkzeug v3.1.x)"><span>X-Forwarded-For Proxy Fix</span></a> middleware provided by Werkzeug.</p>
|
|
|
|
|
|
<p>This middleware should only be used if the application is actually
|
|
|
|
|
|
behind a proxy, and should be configured with the number of proxies that
|
|
|
|
|
|
are chained in front of it. Not all proxies set all the headers. Since
|
|
|
|
|
|
incoming headers can be faked, you must set how many proxies are setting
|
|
|
|
|
|
each header so the middleware knows what to trust.</p>
|
|
|
|
|
|
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span><span class="w"> </span><span class="nn">werkzeug.middleware.proxy_fix</span><span class="w"> </span><span class="kn">import</span> <span class="n">ProxyFix</span>
|
|
|
|
|
|
|
|
|
|
|
|
<span class="n">app</span><span class="o">.</span><span class="n">wsgi_app</span> <span class="o">=</span> <span class="n">ProxyFix</span><span class="p">(</span>
|
|
|
|
|
|
<span class="n">app</span><span class="o">.</span><span class="n">wsgi_app</span><span class="p">,</span> <span class="n">x_for</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">x_proto</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">x_host</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">x_prefix</span><span class="o">=</span><span class="mi">1</span>
|
|
|
|
|
|
<span class="p">)</span>
|
|
|
|
|
|
</pre></div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<p>Remember, only apply this middleware if you are behind a proxy, and set
|
|
|
|
|
|
the correct number of proxies that set each header. It can be a security
|
|
|
|
|
|
issue if you get this configuration wrong.</p>
|
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="clearer"></div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<span id="sidebar-top"></span>
|
|
|
|
|
|
<div class="sphinxsidebar" role="navigation" aria-label="Main">
|
|
|
|
|
|
<div class="sphinxsidebarwrapper">
|
2025-04-10 22:13:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
2025-04-10 15:52:02 -06:00
|
|
|
|
<p class="logo"><a href="../index.html">
|
|
|
|
|
|
<img class="logo" src="../_static/flask-vertical.png" alt="Logo of Flask"/>
|
|
|
|
|
|
</a></p>
|
2025-04-10 22:13:49 +00:00
|
|
|
|
|
2025-04-10 15:52:02 -06:00
|
|
|
|
<h3>Navigation</h3>
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li><a href="../index.html">Overview</a>
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li><a href="index.html">Deploying to Production</a>
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>Previous: <a href="asgi.html" title="previous chapter">ASGI</a>
|
|
|
|
|
|
<li>Next: <a href="nginx.html" title="next chapter">nginx</a></ul>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
<search id="searchbox" style="display: none" role="search">
|
|
|
|
|
|
<h3 id="searchlabel">Quick search</h3>
|
|
|
|
|
|
<div class="searchformwrapper">
|
|
|
|
|
|
<form class="search" action="../search.html" method="get">
|
|
|
|
|
|
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
|
|
|
|
|
|
<input type="submit" value="Go" />
|
|
|
|
|
|
</form>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</search>
|
|
|
|
|
|
<script>document.getElementById('searchbox').style.display = "block"</script><div id="ethical-ad-placement"></div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="clearer"></div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="footer" role="contentinfo">
|
|
|
|
|
|
© Copyright 2010 Pallets.
|
|
|
|
|
|
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.1.3.
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</body>
|
2025-04-10 22:13:49 +00:00
|
|
|
|
</html>
|
