HMDM docker compose setup with traefik container - reverse proxy setup

Question

I’m trying to run HMDM behind Traefik using Docker Compose.

My setup:

• HMDM container runs with PROTOCOL=http (otherwise the container tries to obtain its own Let's Encrypt certificate and fails)

• Traefik handles HTTPS with tlsChallenge and forwards traffic to the container over HTTP

• Public URL: https://mdm.example.com

The web interface works correctly over HTTPS through Traefik.

However, when I generate the device enrollment QR code / URL, it contains:

http://mdm.example.com

instead of:

https://mdm.example.com

Because of this, the Android MDM agent refuses installation (I assume this is because it tries to reach http://mdm.example.com instead of https://mdm.example.com  ).

Things I already tried:

• Adding Tomcat RemoteIpValve to support X-Forwarded-Proto

• Verifying Traefik sends forwarded headers

• Adding a BASE_URL environment variable

• Looking for a corresponding setting on the interface (could not find one)

HMDM still generates HTTP enrollment URLs.

Please, could you tell me what is the proper way to configure HMDM behind Traefik (TLS handled by the reverse proxy) so that it generates HTTPS enrollment URLs?

Answer 1

To fix the URL entries in the QR code, check these two points:

1. Correct the value of base.url in the Tomcat config file (/volumes/hmdm-config/ROOT.xml), it should be https://mdm.example.com. Restart the container to apply changes.

2. Correct the URL of Headwind MDM launcher in the "Applications" section of the web panel, it should be https://mdm.example.com/files/hmdm-xxxx.apk

Comments

It's working fine, thank you very much !!