From 1b8f579da24b24115e7da349f98b7c600376a193 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Wed, 1 Oct 2014 15:43:41 +0100 Subject: [PATCH] Clarify activation of RemoteIpValve Fixes gh-1631 --- spring-boot-docs/src/main/asciidoc/howto.adoc | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/spring-boot-docs/src/main/asciidoc/howto.adoc b/spring-boot-docs/src/main/asciidoc/howto.adoc index 2f6704aded..fd45148d54 100644 --- a/spring-boot-docs/src/main/asciidoc/howto.adoc +++ b/spring-boot-docs/src/main/asciidoc/howto.adoc @@ -465,9 +465,19 @@ HTTPS connector: [[howto-use-tomcat-behind-a-proxy-server]] === Use Tomcat behind a front-end proxy server -Spring Boot will automatically configure Tomcat's `RemoteIpValve`. This allows you to +Spring Boot will automatically configure Tomcat's `RemoteIpValve` if you enable it. This allows you to transparently use the standard `x-forwarded-for` and `x-forwarded-proto` headers that -most front-end proxy servers add. If your proxy uses different headers you can +most front-end proxy servers add. The valve is switched on by setting one or both of these +properties to something non-empty (these are the conventional values used by most proxies, and if +you only set one the other will be set automatically): + +[indent=0] +---- + server.tomcat.remote_ip_header=x-forwarded-for + server.tomcat.protocol_header=x-forwarded-protocol +---- + +If your proxy uses different headers you can customize the valve's configuration by adding some entries to `application.properties`, e.g.