[Setup] Support X-Forwarded-Proto header (#8790)

* Remove use_x_forwarded_port setting

- As per the docs, this is ignored in favour of use_x_forwarded_host
- So, is not being used anyway

* Add note on x_forwarded_host option

* Add warning message if SITE_URL not provided

* Add support for SECURE_PROXY_SSL_HEADER

* Update configuration template file

* Update SITE_URL docs

* Remove line

* Re-add use_x_forwarded_port

* Docs tweak

* Improve wording

* Fix broken link

src/backend/InvenTree/InvenTree/settings.py

@@ -1063,6 +1063,12 @@ if SITE_URL:
         print(f"Invalid SITE_URL value: '{SITE_URL}'. InvenTree server cannot start.")
         sys.exit(-1)
 
+else:
+    logger.warning('No SITE_URL specified. Some features may not work correctly')
+    logger.warning(
+        'Specify a SITE_URL in the configuration file or via an environment variable'
+    )
+
 # Enable or disable multi-site framework
 SITE_MULTI = get_boolean_setting('INVENTREE_SITE_MULTI', 'site_multi', False)
 
@@ -1183,6 +1189,18 @@ SESSION_COOKIE_SECURE = (
     )
 )
 
+# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#std-setting-SECURE_PROXY_SSL_HEADER
+if ssl_header := get_boolean_setting(
+    'INVENTREE_USE_X_FORWARDED_PROTO', 'use_x_forwarded_proto', False
+):
+    # The default header name is 'HTTP_X_FORWARDED_PROTO', but can be adjusted
+    ssl_header_name = get_setting(
+        'INVENTREE_X_FORWARDED_PROTO_NAME',
+        'x_forwarded_proto_name',
+        'HTTP_X_FORWARDED_PROTO',
+    )
+    SECURE_PROXY_SSL_HEADER = (ssl_header_name, 'https')
+
 USE_X_FORWARDED_HOST = get_boolean_setting(
     'INVENTREE_USE_X_FORWARDED_HOST',
     config_key='use_x_forwarded_host',

src/backend/InvenTree/config_template.yaml

@@ -25,6 +25,9 @@ database:
   # HOST: Database host address (if required)
   # PORT: Database host port (if required)
 
+# Base URL for the InvenTree server (or use the environment variable INVENTREE_SITE_URL)
+# site_url: 'http://localhost:8000'
+
 # Set debug to False to run in production mode, or use the environment variable INVENTREE_DEBUG
 debug: False
 
@@ -45,8 +48,10 @@ log_level: WARNING
 # Configure if logs should be output in JSON format
 # Use environment variable INVENTREE_JSON_LOG
 json_log: False
+
 # Enable database-level logging, or use the environment variable INVENTREE_DB_LOGGING
 db_logging: False
+
 # Enable writing a log file, or use the environment variable INVENTREE_WRITE_LOG
 write_log: False
 
@@ -56,8 +61,6 @@ language: en-us
 # System time-zone (default is UTC). Reference: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 timezone: UTC
 
-# Base URL for the InvenTree server (or use the environment variable INVENTREE_SITE_URL)
-site_url: 'http://localhost:8000'
 
 # Add new user on first startup by either adding values here or from a file
 #admin_user: admin
@@ -114,14 +117,11 @@ allowed_hosts:
 #   - 'http://localhost'
 #   - 'http://*.localhost'
 
-# Proxy forwarding settings
-# If InvenTree is running behind a proxy, you may need to configure these settings
-
-# Override with the environment variable INVENTREE_USE_X_FORWARDED_HOST
-use_x_forwarded_host: false
-
-# Override with the environment variable INVENTREE_USE_X_FORWARDED_PORT
-use_x_forwarded_port: false
+# Enable Proxy header passthrough
+# Override with the environment variable INVENTREE_USE_X_FORWARDED_<HEADER>
+# use_x_forwarded_host: true
+# use_x_forwarded_port: true
+# use_x_forwarded_proto: true
 
 # Cookie settings (nominally the default settings should be fine)
 cookie:
@@ -160,7 +160,6 @@ cache:
   host: 'inventree-cache'
   port: 6379
 
-
 # Login configuration
 login_confirm_days: 3
 login_attempts: 5