Requests

This page describes configuration items to tweak how inbound and outbound requests are handled within the application.

Contents

Configuring Trusted Redirect Hosts
Configuring Trusted Proxies
Configuring an Outbound Proxy

For details on how to set the below configuration items, please read Environment Variables.

Configuring Trusted Redirect Hosts

When logging into the application, sometimes a redirect URI is specified to take the user back to the page that they were previously viewing. The redirect URI is validated for security reasons, and by default, only the help desk domain is permitted.

Trusted hosts can be configured using a comma delimited list of host names via the TRUSTED_REDIRECT_HOSTS environment variable. For example, foo.com, foo.co.uk. To trust all hosts, use *.


    TRUSTED_REDIRECT_HOSTS=foo.com, foo.co.uk

Configuring Trusted Proxies

If your web servers sit behind a load balancer, HTTP cache, or other intermediary (reverse) proxy, SupportPal requires some additional configuration. Otherwise, SupportPal will not be able to correctly determine the client's IP address, whether the client is connecting via HTTPS, the client's port, and the hostname being requested.

To solve that, you can configure a comma delimited list of reverse proxy addresses (IP addresses and hostnames) via the TRUSTED_PROXY_IPS environment variable. For example, 192.168.1.1, 192.168.1.2.


    TRUSTED_PROXY_IPS=192.168.1.1, 192.168.1.2

Trusting All Proxies

If you are using Amazon AWS, Cloudflare, or another "cloud" load balancer provider, you may not know the IP addresses of your actual balancers. To trust all addresses in the IPv4 and IPv6 address space:


    TRUSTED_PROXY_IPS=0.0.0.0/0, ::/0

Configuring an Outbound Proxy

The application makes several external network connections, for example to our licensing server, to download emails, and so on. If necessary, this traffic can be sent through an outbound proxy.

libcurl version 7.50.2 or above is required.
To check what version of libcurl is available, open Utilities -> System -> PHP Information within the operator panel and search for "curl". The "cURL Information" row in the table will display the libcurl version in use. Please also check what version of libcurl the cron is using, see php command line options for guidance.

The outbound proxy can be configured via the OUTBOUND_PROXY_URI environment variable and accepts a valid URI.


    OUTBOUND_PROXY_URI=socks5://bob:marley@localhost:12345

The following schemes are supported:

http://
HTTP Proxy
https://
HTTPS Proxy. (Added in libcurl 7.52.0 for OpenSSL, GnuTLS and NSS)
socks4://
SOCKS4 Proxy.
socks4a://
SOCKS4a Proxy. Proxy resolves URL hostname.
socks5://
SOCKS5 Proxy.
socks5h://
SOCKS5 Proxy. Proxy resolves URL hostname.