Issue
As a user testing Appsmith on-prem, I had concerns about exposing the server to ports 80 and 443 directly to the internet. I wanted to set up nginx to proxy connections and terminate SSL for Appsmith in our DMZ. I also had questions about using LetsEncrypt on the nginx proxy and configuring Google Oauth2. The Appsmith team provided helpful guidance and a fix for the Google Oauth2 issue, which was eventually released in a patch. Overall, the experience was positive and the team was responsive to my needs.
Resolution
The user was testing Appsmith on-prem and had questions about security and configuration. They were hesitant to expose their server to ports 80 and 443 directly to the internet, so they set up an NGINX reverse proxy to terminate SSL for Appsmith in their DMZ. They wanted to use Let's Encrypt on the NGINX proxy, which should not interfere with Let's Encrypt in Appsmith.
However, they encountered an issue with Google OAuth2 not working behind NGINX, and found a fix by modifying the code manually in the Docker image. The issue was later fixed in Appsmith version 1.8.6.
The solution involved configuring NGINX to send the X-Forwarded-Host header correctly, modifying SSL certificate settings, and ensuring Appsmith had access to the internet. The NGINX config code example was provided in the conversation.