Fixed login with only ip:port access

PROXY_SETUP.md

@@ -2,7 +2,114 @@
 
 This guide helps you configure reverse proxies (Nginx, Traefik, Zoraxy, Authelia, Caddy, etc.) to work with Mailcow Alias Manager.
 
-## ✅ Built-in Proxy Support
+---
+
+## 🔧 ENABLE_PROXY Configuration
+
+The application supports **two access modes** controlled by the `ENABLE_PROXY` environment variable in `docker-compose.yml`:
+
+### **Mode 1: Direct Access (ENABLE_PROXY=false)** - DEFAULT
+
+Use this when accessing the application directly via IP:port **without a reverse proxy**.
+
+**docker-compose.yml:**
+```yaml
+environment:
+  - ENABLE_PROXY=false  # Default setting
+```
+
+**Access:** `http://192.168.1.100:5172` (replace with your server IP)
+
+**Features:**
+- ✅ Works over HTTP (no HTTPS required)
+- ✅ Standard cookie behavior (SameSite=Lax)
+- ✅ No proxy configuration needed
+- ✅ Simple login flow
+- ✅ Perfect for internal/LAN access
+
+**When to use:**
+- Accessing from internal network only
+- No reverse proxy in place
+- Testing or development
+- Simple single-server setup
+
+---
+
+### **Mode 2: Proxy Access (ENABLE_PROXY=true)**
+
+Use this when running **behind a reverse proxy** (Authelia, Zoraxy, Nginx, Traefik, Caddy).
+
+**docker-compose.yml:**
+```yaml
+environment:
+  - ENABLE_PROXY=true
+```
+
+**Access:** `https://alias.yourdomain.com` (through your reverse proxy)
+
+**Features:**
+- ✅ ProxyFix middleware handles X-Forwarded-* headers
+- ✅ HTTPS redirect support
+- ✅ Secure cookies (HTTPS only)
+- ✅ Works with authentication proxies (Authelia)
+- ✅ Multi-proxy chain support
+
+**When to use:**
+- Accessing from internet via domain name
+- Behind Nginx, Traefik, Caddy, HAProxy
+- Behind authentication proxy (Authelia, Authentik)
+- SSL/TLS termination at proxy
+- Production deployments with HTTPS
+
+---
+
+### **Switching Between Modes**
+
+To switch from one mode to another:
+
+1. **Edit `docker-compose.yml`**
+   ```yaml
+   # Change this line:
+   - ENABLE_PROXY=false  # or true
+   ```
+
+2. **Restart the container**
+   ```bash
+   docker compose down
+   docker compose up -d
+   ```
+
+3. **Verify mode in logs**
+   ```bash
+   docker compose logs mailcow-alias-manager | grep "ACCESS MODE"
+   ```
+   
+   You should see either:
+   - `ACCESS MODE: Direct IP:Port (ENABLE_PROXY=false)`
+   - `ACCESS MODE: Reverse Proxy (ENABLE_PROXY=true)`
+
+4. **Clear browser cookies** (IMPORTANT!)
+   - Press F12 → Application → Cookies
+   - Delete all cookies for your domain
+   - Close and reopen browser
+
+5. **Login again**
+
+---
+
+### **Quick Reference Table**
+
+| Access Method | ENABLE_PROXY | Access URL | Cookie Mode |
+|--------------|--------------|------------|-------------|
+| Direct IP:port | `false` (default) | `http://192.168.1.100:5172` | HTTP, SameSite=Lax |
+| Nginx/Traefik | `true` | `https://alias.example.com` | HTTPS, SameSite=None |
+| Authelia + Zoraxy | `true` | `https://alias.example.com` | HTTPS, SameSite=None |
+| Caddy | `true` | `https://alias.example.com` | HTTPS, SameSite=None |
+| Local dev (`python3 app.py`) | N/A (not set) | `http://localhost:5172` | HTTP, SameSite=Lax |
+
+---
+
+## ✅ Built-in Proxy Support (When ENABLE_PROXY=true)
 
 The application includes **ProxyFix middleware** that automatically handles:
 - ✅ HTTPS detection via `X-Forwarded-Proto`
@@ -10,7 +117,7 @@ The application includes **ProxyFix middleware** that automatically handles:
 - ✅ Client IP forwarding via `X-Forwarded-For`
 - ✅ Path prefix support via `X-Forwarded-Prefix`
 
-**No configuration changes needed in most cases!**
+**Works with 2 proxies in chain** (e.g., Zoraxy → Authelia → App)
 
 ---