Support for X-Forwarded-* (and/or Forwarded) headers

[nblumhardt]

Seq uses api.canonicalUri to generate inbound links that target a particular scheme, hostname, port, and path, irrespective of whether Seq thinks its listening at that location or sees the correct location on inbound requests.

This works well in many different cases, but in a few situations it's not flexible enough - for example, if OIDC or Azure AD authentication is used, but Seq is accessed via two different hostnames, a single canonical URI is insufficient to generate the correct inbound link for users using each address.

Enabling forwarded header support, via X-Forwarded-* (or the newer Forwarded header) will cover these cases. Support needs to be opt-in as these headers can only be validly/safely used behind a trusted proxy in a secured environment.

[codymullins]

+1 to this, just locked myself out enabling Entra ID authentication because our Seq instance is http but using a proxy for http 😬

set the canonical uri in the env variables, but it would be nice to just have it work if the proxy headers are enabled.