If you have gotten the error Forbidden - referrer link (Chrome) or Invalid CSRF token (Mozilla), the solution is below:
example.domain {
    reverse_proxy 0.0.0.0: {
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up -Referer
        header_up -Host
        header_up -X-Forwarded-Proto
    }
}
Documentation and examples of how to put header_up as a sub-directive were hard to find.
Make sure to do the following to your config.json on the gophish server. Changes in bold.
{
    "admin_server": {
        "listen_url": "0.0.0.0:3333",
        "use_tls": false,
        "cert_path": "gophish_admin.crt",
        "key_path": "gophish_admin.key",
        "trusted_origins": []
    },
    "phish_server": {
        "listen_url": "0.0.0.0:",
        "use_tls": false,
        "cert_path": "example.crt",
        "key_path": "example.key"
    },
    "db_name": "sqlite3",
    "db_path": "gophish.db",
    "migrations_prefix": "db/db_",
    "contact_address": "",
    "logging": {
        "filename": "",
        "level": ""
    }
}