bunkerweb [BUG] Session cookie is not set when revers proxying Zammad

What happened?

I am trying to integrate Bunkerweb with Zammad the ticket system. I use the offical docker file: https://github.com/zammad/zammad-docker-compose

When going throught the first setup setps everything is working fine. After a while one gets loged out and can't log in again.

While analysing i noted the following with bunkerweb no session cookie get's set:

When using Nginx Proxy manager i get the session cookie on my first request:

How to reproduce?

Setup Zammad Docker normaly. Log out and try to log in.

Configuration file(s) (yaml or .env)

This is my curren bunkerweb Debug config Modsecure is off to rule it out as error:

      - BUNKERWEB_INSTANCES=bunkerweb
      - USE_MODSECURITY_GLOBAL_CRS=yes
      - SERVER_NAME=zammad.psy-bunker.nl
      - USE_BACKUP=no
      - DISABLE_DEFAULT_SERVER=yes
      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
      - BLACKLIST_RDNS=.shodan.io .censys.io .google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com
      - WHITELIST_COUNTRY=DE AT BE CZ HR CY DK EE FR GR IE IT LV LU MT NL PT SK SI ES SE CH
      - AUTO_LETS_ENCRYPT=yes
      - EMAIL_LETS_ENCRYPT=XXXXX
      - REDIRECT_HTTP_TO_HTTPS=yes
      - USE_REVERSE_PROXY=yes
      - REVERSE_PROXY_HOST=http://zammad-nginx:8080
      - REVERSE_PROXY_WS=yes
      - REVERSE_PROXY_KEEPALIVE=yes
      - USE_MODSECURITY=no
      - INTERCEPTED_ERROR_CODES=
      - ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE|OPTIONS
      - KEEP_UPSTREAM_HEADERS=*
      - REVERSE_PROXY_HEADERS=X-CSRF-Token $$http_x_csrf_token
      - COOKIE_FLAGS=* SameSite=Lax
      - COOKIE_AUTO_SECURE_FLAG=no
      - REVERSE_PROXY_HEADERS_CLIENT=Set-Cookie
      - LOG_LEVEL=debug

Relevant log output

bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] set phase started, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] filling ngx.ctx ..., client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 8 valid inet: 0
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 8 valid inet: 10
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 10 valid inet: 401
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 8 valid inet: 127
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 16 valid inet: 43518
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 12 valid inet: 2753
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 24 valid inet: 12582912
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 24 valid inet: 12605539
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 16 valid inet: 49320
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 15 valid inet: 25353
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 24 valid inet: 12989284
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 24 valid inet: 13303921
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 4 valid inet: 14
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 24 valid inet: 15334400
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:227: ipmatcher_new(): ipv4 mask: 4 valid inet: 15
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:331: match(): ipv4 mask: 24 valid inet: 11277056
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:331: match(): ipv4 mask: 16 valid inet: 44051
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:331: match(): ipv4 mask: 15 valid inet: 22025
bunkerweb-1  | 2025/07/23 12:56:43 [debug] 153#153: *117 [lua] ipmatcher.lua:331: match(): ipv4 mask: 12 valid inet: 2753
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] ngx.ctx filled (ret = ctx filled), client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] calling set() methods of plugins ..., client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] sessions:set() call successful : success, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_whitelist_zammad.example.netuaMozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0 = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_whitelist_zammad.example.netip172.x.x.x = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_whitelist_zammad.example.neturi/ = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] whitelist:set() call successful : not in whitelist cache, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] letsencrypt:set() call successful : set https_configured to yes, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] customcert:set() call successful : set https_configured to no, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] selfsigned:set() call successful : set https_configured to no, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] ui:set() call successful : set https_configured to no, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [SET] called set() methods of plugins, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] access phase started, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] filling ngx.ctx ..., client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] ngx.ctx filled (ret = ctx filled), client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] IP 172.x.x.x is not banned, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] calling access() methods of plugins ..., client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] ssl:access() call successful : no redirect to HTTPS needed, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_whitelist_zammad.example.netuaMozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0 = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_whitelist_zammad.example.netip172.x.x.x = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_whitelist_zammad.example.neturi/ = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] whitelist:access() call successful : not whitelisted, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] letsencrypt:access() call successful : success, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_blacklist_zammad.example.netuaMozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0 = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_blacklist_zammad.example.netip172.x.x.x = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_blacklist_zammad.example.neturi/ = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] blacklist:access() call successful : not blacklisted, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] greylist:access() call successful : access not needed, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [CACHESTORE] hit level for plugin_country_zammad.example.net172.x.x.x = 3, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] country:access() call successful : client IP 172.x.x.x is not global, skipping check, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] dnsbl:access() call successful : client IP is not global, skipping DNSBL check, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] bunkernet:access() call successful : IP is not global, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] reversescan:access() call successful : reverse scan not activated, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] limit:access() call successful : client IP 172.x.x.x is not limited for URL / (current rate = 1r/s and max rate = 2r/s), client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] misc:access() call successful : method GET is allowed, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] cors:access() call successful : service doesn't use CORS, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] securitytxt:access() call successful : success, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] antibot:access() call successful : antibot not activated, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] crowdsec:access() call successful : CrowdSec plugin not enabled, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] called access() methods of plugins, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] no session, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:43 [info] 153#153: *117 [ACCESS] access phase ended, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] header phase started while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] filling ngx.ctx ... while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] ngx.ctx filled (ret = ctx filled) while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] calling header() methods of plugins ... while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] headers:header() call successful : edited headers for request while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] cors:header() call successful : service doesn't use CORS while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] antibot:header() call successful : antibot not activated while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [HEADER] misc:header() call successful : no location header needed while reading response header from upstream, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] log phase started while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] filling ngx.ctx ... while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] ngx.ctx filled (ret = ctx filled) while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] calling log() methods of plugins ... while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] badbehavior:log() call successful : not increasing counter while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] bunkernet:log() call successful : ip is not blocked while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] errors:log() call successful : success while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] metrics:log() call successful : success while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] called log() methods of plugins while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | 2025/07/23 12:56:44 [info] 153#153: *117 [LOG] log phase ended while logging request, client: 172.x.x.x, server: zammad.example.net, request: "GET / HTTP/2.0", upstream: "http://172.19.0.4:8080/", host: "zammad.example.net"
bunkerweb-1  | zammad.example.net 172.x.x.x - a1a64b1c37f523a805e60ddd93f6a0b4 - [23/Jul/2025:12:56:44 +0000] "GET / HTTP/2.0" 200 1587 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0"

BunkerWeb version

1.6.2

What integration are you using?

Docker

Linux distribution (if applicable)

Ubuntu 24.04.2 LTS

Removed private data

[x] I have removed all private data from the configuration file and the logs

Code of Conduct

[x] I agree to follow this project's Code of Conduct

Jul 25 '25 15:07 MrCybertux

Hi @MrCybertux, can you try setting the COOKIE_FLAGS to an empty value ? Thank you!

Jul 29 '25 16:07 TheophileDiot

Hello @TheophileDiot i have changed the config like you asked but still i do not get any cookie:

Jul 30 '25 09:07 MrCybertux

@TheophileDiot I noticed that when I get a session cookie with Nginx-Proxy manager it will also work with Bunker web even if bunkerweb is not handing out the cookie.

Aug 04 '25 10:08 MrCybertux

Hi @MrCybertux, this is likely not a BunkerWeb issue but a reverse proxy one. Can you send me on discord the configs ? Thank you!

Aug 04 '25 13:08 TheophileDiot