mirror of
https://github.com/zulip/zulip.git
synced 2025-10-30 11:33:51 +00:00
3ec896ebda
In some cases, it is not possible to configure the load-balancer to add an X-Forwarded-Proto header. If Zulip is serving its traffic over HTTP, it will rightly error out, since it cannot guarantee that its response will be served over an encrypted connection. Add a new `loadbalancer.rejects_http_requests` settings which serves as a way for the operator to swear that the load-balancer will *never* serve responses from Zulip over an unencrypted connection. In most cases, this is because the load-balancer is configured to have port 80 always serve an HTTP 301 redirect to the same URL over HTTPS. Properly configuring the proxy to send `X-Forwarded-Proto` is always a better solution than using this configuration parameter, so use of this should be viewed as a last resort.