Updated Setup Reverse Proxy (markdown)

2025-04-23 11:13:11 +00:00 · 2020-01-05 08:16:54 -05:00 · 2020-01-05 08:16:54 -05:00 · d164520134
commit d164520134
parent f3b9fb7836
1 changed files with 5 additions and 0 deletions
--- a/Setup-Reverse-Proxy.md
+++ b/Setup-Reverse-Proxy.md
@ -106,3 +106,8 @@ My web.config file looks like this:

 The crossed out sections aren't needed, they are leftovers from my experiments.

+### Login via header from upstream authentication source
+
+If your reverse proxy has some kind of authentication mechanism, you can configure Calibre-web to log users in based on headers received from the proxy. If using this feature, it's important that only the proxy is exposed to users, because if the Calibre-web instance is at all directly exposed to traffic, then a malicious user will be able to log in as any user that exists via simply setting a header.
+
+In the admin configuration, check the box marked `Allow Reverse Proxy Authentication`, and then fill in the text box that appears with the name of the header that will contain the username.