fix(docker): use proper nginx config for layered reverse proxies (#562)
In case the setup utilizes multiple reverse proxies, the X-Forwarded-*
headers will be mangled with the previous configuration. However, to
trust the X-Forwarded-* headers, we need to trust that there will be an
edge reverse proxy serving requests, and that the reverse proxy is
correctly clearing and setting the X-Forwarded-* headers before
propagating them down the stack.

With the configuration change, make a note about the potential security
vulnerability with a possible unsupported setup, and the importance of
passing verified X-Forwarded-* headers in the documentation.

Fixes #562
ericswpark committed Aug 17, 2024
1 parent 59e073b commit 91186db
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docker/nginx/nginx.conf
Expand Up @@ -28,7 +28,7 @@ server {

proxy_pass http://shipper;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $host;
proxy_redirect off;
}
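Review bot: The new `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` line has no fallback, so a request that arrives without an `X-Forwarded-Proto` header is proxied to shipper with no such header at all, where the previous `$scheme` always supplied a value. Consider a `map` in the `http` context that yields `$http_x_forwarded_proto` by default and `$scheme` when that is empty, and use the mapped variable here. Since this block now passes both `X-Forwarded-For` (through `$proxy_add_x_forwarded_for`) and `X-Forwarded-Proto` along from whatever sits upstream, a comment above these directives saying that an edge proxy must overwrite them would keep the trust assumption visible in the config and not only in the commit message.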
2 changes: 1 addition & 1 deletion docs/sysadmin/Installation.md
Expand Up @@ -6,7 +6,7 @@ shipper will run on any x86_64 platform, but for best results we recommend runni

To install shipper, Docker and Docker Compose **must** be installed.

A web server (such as Nginx or Apache) should also be installed so that requests to shipper can be reverse-proxied. Although not strictly required, we recommend using one if it is available.
A web server (such as Nginx or Apache) should also be installed so that it may serve as a reverse proxy to shipper. This is **required** and should **not** be skipped. Failure to reverse proxy shipper can and will result in security issues, as the reverse proxy of the Docker Compose stack will trust all `X-Forwarded-*` headers sent by the edge reverse proxy.

## Clone the repository
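Review bot: The added paragraph says the Compose stack's proxy trusts all `X-Forwarded-*` headers from the edge proxy, but it never tells the administrator what the edge proxy has to do with them. Add a sentence stating that the edge proxy must clear or overwrite any client-supplied `X-Forwarded-*` headers before passing the request on, which is the assumption the commit message spells out. The phrase "Failure to reverse proxy shipper" would also read more clearly as a statement that, without an edge proxy in front, these headers are accepted as the client sent them.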
