Proxy configuration
Overview¶
Team Edition includes a built-in reverse proxy for secure access and load balancing.
This article explains how to set up a proxy in the Team Edition Compose setup.
For proxy configuration in other deployment types, see README
in
the team-edition-deploy repository.
Configure proxy server¶
Starting in version 25.1
, Team Edition supports two proxy types: Nginx and HAProxy. Set the proxy type in
your .env
file:
If you previously used Nginx and want to switch to HAProxy, you can do it without losing configuration or SSL certificates - shared Docker volumes handle it.
Info
For details on environment configuration, see Team Edition deployment from Docker Compose
Proxy ports¶
When using Docker Compose with network_mode: host
, set ports in your .env
file:
These control which ports the proxy listens to inside the container.
Extra step for Nginx¶
If you use Nginx and set a custom COMPOSE_PROJECT_NAME
in your .env
, pass it explicitly in the containerās
environment
block:
Note
This isnāt needed for HAProxy - it resolves service names via Docker DNS.
Force HTTPS mode¶
Force HTTPS enforces secure connections across the entire application. When this option is enabled, the server automatically redirects all HTTP requests to HTTPS and sets cookies with the Secure flag, so theyāre never sent over unencrypted channels.
Why enable force HTTPS¶
- Protect sensitive data - ensures that credentials, tokens, and query results are never transmitted in plain text
- Stay compliant - many organizations, regulations, and audits require HTTPS-only communication
- Remove inconsistencies - even if users try to connect via
http://
, theyāre redirected tohttps://
- Harden authentication - secure cookies prevent hijacking over unencrypted channels
Tip
Browsers like Chrome may auto-upgrade some HTTP connections, but this isnāt guaranteed for all users or environments. Force HTTPS ensures the same security policy everywhere.
Turn on force HTTPS¶
-
You can enable Force HTTPS in one of the following ways:
- during initial setup, in the Easy Config wizard when starting the application
- later, in Settings -> Administration -> Server configuration
- or, by setting the environment variable:
Info
For details, see Server configuration.
-
Confirm that your proxy already has valid SSL certificates (see SSL certificates)
Once enabled, all requests over port 80 will be redirected to 443, and session cookies will be marked secure.
Warning
If SSL isnāt configured in the proxy, enabling force HTTPS will make the application unreachable.
Multiple server URLs¶
You can allow access from several domains instead of a single entry point. This improves SSO, migration, and high-availability scenarios.
For details, see Multiple server URLs.