Reverse proxy internal IP

Hi All I am struggling with my fresh installation of indico. I followed the instructions for installation and all went without a hitch. The problem is that is it running on port 8080 as http on that server. It is not a public facing installation and I am using a virtualmin server as my reverse proxy for this host. Virtualmin does the letsencrypt side and then acts as a revers proxy for my server.

The host is

when I try to register for a conference the system does nothing. I will post screenshots etc… to the post in a few moments

Make sure your BASE_URL is set correctly (with https), and that you restarted the indico-uwsgi and indico-celery services after changing your config.

Also make sure that USE_PROXY is set and your reverse proxy is sending the correct headers: Settings — Indico 3.2.8 documentation

This is my config file. when I attempt to make it BASE_URL = ‘’ I get the following result

This Indico instance can only be accessed via

You need to change your SECRET_KEY right now since you just shared it in a public place. Knowing that key is enough to take over accounts on your instance (since one can generate e.g. a valid password reset token with it).

Your new error indicates that your reverse proxy is not sending the correct headers so Indico thinks it’s being accessed via a different URL.

WIll change the key right now. In my virtualmin I set proxying to my BASE_URL on port 8080. is this wrong

does my nginx have to listen on port 443

Do you mean the one from indico? Doesn’t matter, any port will do. the main one (so on your virtualmin instance) should be on 443 because that’s the standard for https…

Thanks for the assist. I managed to get it working

had to apply the virtualmin setting correctly

you have been great.
checking on emails now

Hi Again guys

I can’t believe I am stuck again.

The site stopped working again.

I don’t think I did anything to it but now I get the following error

Proxy Error

The proxy server could not handle the request

Reason: Error during SSL Handshake with remote server

I did a attempt to change the certificate on my wordpress site of the domain for email purposes but this should not have had anything to do with this indico site

this is my nginx config

and here is my .indico.conf file

CELERY_BROKER = 'redis://'
REDIS_CACHE_URL = 'redis://'
DEFAULT_TIMEZONE = 'Africa/Johannesburg'
CACHE_DIR = '/opt/indico/cache'
TEMP_DIR = '/opt/indico/tmp'
LOG_DIR = '/opt/indico/log'
STORAGE_BACKENDS = {'default': 'fs:/opt/indico/archive'}

STATIC_FILE_METHOD = ('xaccelredirect', {'/opt/indico': '/.xsf/indico'})

PLUGINS = {'vc_zoom', 'payment_paypal', 'payment_manual'}

mi config in virtualmin is just

This is my letsencrypt conf

wonder if the certificates on the indico is outdated now

From where is the proxy error coming? Your virtualmin reverse proxy? If yes, check the TLS config there. The logfiles might also contain more detailed information than “error during handshake”.

I also suggest trying to access your Indico server directly to see if TLS there is broken for some reason. But a problem on your virtualmin side sounds way more likely if that’s all you touched when it broke.

I added the site to my hosts and I can access it with the domain

but it asks for the self hosted certificate to be accepted

If you use a selfsigned cert on your internal host, you need to make sure your virtualmin reverse proxy trusts it or ignores invalid certificates.

Or just use plain HTTP there if it’s in a secure internal network (ie terminate TLS on the virtualmin level)

so do I just remove the ssl component out of the nginx config file? and only listen on port 8080 for example

the result looks like this


the BASE_URL =

You need to make sure the X-Forwarded-Proto: https header is sent, either by nginx or by your virtualmin reverse proxy.

would this be something I would set in my virtualmin apache config which is the frontend for my virtualmin

Yes, try this: RequestHeader set X-Forwarded-Proto https

Alternatively in the nginx config you can do this: proxy_set_header X-Forwarded-Proto https;