Configuring DocuSeal Behind an Existing Reverse Proxy (nginx)

If you’re deploying DocuSeal behind an existing reverse proxy (such as nginx), you need to ensure that specific headers are set to ensure the proper functioning of the application. Failure to set these headers might result in a 422 error page. If you encounter this issue, you might see the following log entry:

ActionController::InvalidAuthenticityToken (HTTP Origin header ( didn't match request.base_url (

To resolve this issue add the following configuration settings inside the location:

location / {
    proxy_pass http://yourdocuseal.internal.hostname:3000/;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;