Back to Community Threads
Apache as proxy
Problem reported by Daniele (TDBnet) - 1/23/2026 at 11:18 AM
Resolved
Hi, I set a simple Apache Proxy for the SM webmail. Apache runs on a different server from SM.

The Virtualhost config is really simple, and these are the proxy related config raws:

    ProxyRequests off
    ProxyPass / http://SM_SRV_IP:17017/
    ProxyPassReverse / http://SM_SRV_IP:17017/

All is running right, but if the user looks under "setting - connectivity - authenticated IPs", the proxy IP server is listed instead of its client IP.

How can I have the client IP correctly listed here?

Daniele
Sébastien Riccio Replied
1/30/2026 at 4:11 AM
Caddy could be even better instead of apache :)

As for getting the real IP of the visitor, it would be up to the SmarterMail built-in http server to look up for headers transmitted by the reverse proxy (if correctly configured for this), such as:

X-Forwarded-For
A comma‑separated list of IP addresses; the leftmost is usually the original client, and each proxy appends its own IP.
Example: X-Forwarded-For: 203.0.113.10, 198.51.100.1

X-Real-IP
Often set to the single “real” client IP (the one the proxy directly sees), without chaining.
Common in nginx‑style setups.

X-Forwarded-Proto
Not an IP header, but usually sent alongside: indicates the original scheme (http or https).

I don't know if SM cares about these. If not, it could really be a nice (mandatory?) addition.
Also it would require a configurable option in SM to declare IP addresses of "trusted proxies", so it only cares about these headers when the proxy IP is trusted.
Then SM should use this value as the visitor IP for incoming http requests.
Sébastien Riccio System & Network Admin https://swisscenter.com
Sébastien Riccio Replied
1/30/2026 at 9:13 AM
Actually, looking at the default IIS config acting as a reverse proxy in front of SM, I see it is transmitting these headers:


They look strange to me though because they should use hypens instead of underscore, without HTTP_ prefix, but that's maybe an IIS thing.

In your apache config you might want to set them explicitly:

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-Host" expr=%{HTTP_HOST}
ProxyRequests off
ProxyPass / http://SM_SRV_IP:17017/
ProxyPassReverse / http://SM_SRV_IP:17017/
But then again, SM will maybe only take these headers into account if it comes from a trusted proxy (from 127.0.0.1 by default I guess)
Sébastien Riccio System & Network Admin https://swisscenter.com
J
J. LaDow Replied
1/30/2026 at 9:15 AM
IIS DOES use the underscores in place of dashes, as well as prefixing all HTTP host headers with HTTP_

So X-Forwarded-Host in IIS = {HTTP_X_FORWARDED_HOST}

(from Microsoft):
MailEnable survivor / convert --
Sébastien Riccio Replied
1/30/2026 at 9:20 AM
Thanks J. LaDow for the info. It was a bit confusing for me to see headers declared with underscores, I'm not an ISS guru, but now it makes sense :)
Sébastien Riccio System & Network Admin https://swisscenter.com
Daniele (TDBnet) Replied
1/30/2026 at 9:48 AM
Marked As Resolution
Update.

I'm proxying now using Apache by installing it on the SM server and using this config

    ProxyRequests off
    ProxyPass / http://127.0.0.1:17017/
    ProxyPassReverse / http://127.0.0.1:17017/
    RequestHeader set X-Forwarded-Proto https

RequestHeader raw is mandatory to avoid too_many_redirects errors.

Using Apache instead of IIS also solved the throughput limit I described on my post https://portal.smartertools.com/community/a97665/slow-upload-speed-for-file-storage.aspx

Thank you!
J
J. LaDow Replied
1/30/2026 at 9:52 AM
I would have to research things, but somewhere via web.config directives, IIS can be coerced into different settings for POST data such as chunk size, maximum request size, and the threshold for committing uploaded chunks to disk. 

It would take some research and testing to find these settings and report back but that might be part of the issue. We used to deal with it a LOT in older .NET Framework based applications - but we don't have much experience in newer .NET versions as most default settings have been sufficient.
MailEnable survivor / convert --
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Configure an Alternative Linux Web Server for SmarterMailSmarterMail > Server Configuration and Management
Configure URL Rewriting for Autodiscover on LinuxSmarterMail > Server Configuration and Management
Force Traffic Over HTTPS when using a Reverse ProxySmarterMail > Server Configuration and Management
500 Error After Upgrading to the Latest BuildSmarterMail > Troubleshooting
Automated SSL certificate Issues.SmarterMail > Troubleshooting