.How do I configure Cloudflare or a reverse proxy for Shopware 6?
Quick Answer
You can run Shopware 6 behind Cloudflare, Nginx Proxy Manager, HAProxy, Traefik, or another reverse proxy without issues—but you must configure trusted proxies, HTTPS forwarding headers, and cache rules correctly. Most storefront redirect loops, broken admin sessions, and mixed-content errors happen because Shopware does not trust the proxy IP or receives the wrong protocol headers. The setup below covers the safest configuration path for production stores.
Before You Start
- ✦ SSH or server access — you’ll need to edit environment variables and web server configs.
- ✦ SSL already enabled — reverse proxy setups break fast when HTTPS is only partially configured.
- ✦ Access to Cloudflare DNS — you may need to switch between proxied and DNS-only mode during testing.
Enable HTTPS forwarding
Your reverse proxy must forward the original HTTPS protocol to Shopware. Without this, Shopware thinks requests are plain HTTP and starts generating redirect loops, invalid cookies, or mixed-content warnings. This happens often when Cloudflare SSL mode is set incorrectly or when Nginx proxy headers are incomplete.
- Set Cloudflare SSL mode to Full (Strict)
- Forward X-Forwarded-Proto and X-Forwarded-For headers
- Force HTTPS redirects at the proxy layer only once
Configure trusted proxies
Shopware uses Symfony underneath, so it must explicitly trust your reverse proxy IPs. If you skip this step, customer IP addresses will appear incorrectly and admin sessions may fail randomly. This is the single setting most teams forget during Cloudflare setups.
- Add trusted proxy IPs to your server environment
- Include Cloudflare IP ranges if Cloudflare sits in front
- Clear cache after changing proxy settings
TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDRConfigure proxy headers
Your proxy must pass the original request information to PHP-FPM correctly. Shopware depends on these headers for storefront URLs, login sessions, and secure cookies. Missing headers usually show up as admin login loops or wrong absolute URLs in emails and media.
- Forward Host, X-Forwarded-Host, and X-Forwarded-Proto
- Keep the original host header enabled
- Restart PHP-FPM and web server services after changes
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;Set Cloudflare cache rules
Cloudflare can speed up Shopware significantly, but overly aggressive caching breaks carts, customer accounts, and checkout sessions. You should cache static assets aggressively while bypassing dynamic storefront and admin routes.
- Cache media, CSS, JS, and fonts
- Exclude /admin and checkout-related paths
- Disable HTML caching unless you fully understand Shopware HTTP cache behavior
Test the full request flow
Before going live, validate storefront browsing, checkout, login, password resets, and admin access through the proxy. Proxy issues often appear only after sessions or cookies are involved. And some problems only affect mobile devices because of cached redirects.
- Test checkout in incognito mode
- Check response headers with browser dev tools
- Verify real visitor IP addresses inside logs
Shopware Reverse Proxy Checklist
0 of 7 completeMistakes Most Developers Make
! Wrong SSL mode
! Caching checkout pages
! Missing trusted proxies
Key Takeaway
The short version: Shopware 6 works well behind Cloudflare or another reverse proxy when HTTPS headers, trusted proxies, and cache exclusions are configured correctly. Most problems come from SSL misconfiguration or caching dynamic storefront pages. Keep checkout and admin routes uncached, trust the proxy IPs properly, and validate sessions before launch. Start with Step 2—that one alone handles most of it.
Related Answers
Was this answer helpful?
Your feedback helps us improve our answers.
Still need help?
Talk to our Shopware experts
We've handled GDPR/CCPA compliance for dozens of EU & US Shopware stores.