FI have a hard time grasping how this architecture looks like 
But yeah zitadel can be run behing proxies, we do that all the time.
There is even a list of config for different ones here https://zitadel.com/docs/self-hosting/manage/reverseproxy/reverse_proxy
I think the challenge here is that you want to use a different domain to the outside world then your zitadel is configured to, right?
But yeah zitadel can be run behing proxies, we do that all the time.
There is even a list of config for different ones here https://zitadel.com/docs/self-hosting/manage/reverseproxy/reverse_proxy
I think the challenge here is that you want to use a different domain to the outside world then your zitadel is configured to, right?
Fok but to me that is just you set the externaldomain to my-app.com and set all the network appliances to forward that as a host header
FTo me it looks like your zitadel should act as my-app.com, right?
Fso like every other proxy
Fin that case setting the externaldomain to my-app is the right thing to do
FYes, but I guess you also want to run request internally to zitadel without going through the proxy, or is that no correct?
Ffor that there would be two options:
1) your clients just set the host in the api calls to my-app
2) you add your internal domain with this api https://zitadel.com/docs/apis/resources/system/system-service-add-domain
1) your clients just set the host in the api calls to my-app
2) you add your internal domain with this api https://zitadel.com/docs/apis/resources/system/system-service-add-domain
FI mean you have also option 1)
FBut to generate access for the system api you can look into this guide https://zitadel.com/docs/guides/integrate/zitadel-apis/access-zitadel-system-api
Fonly if you do 1 or 2
FI would guess that you also have an internal proxy, which could set the host to my-app
FWhat is the 400 response?
If you increase the loglevel you should see the log in zitadel stdout as well.
You can also enable this to log the http calls to stdout https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml#L609
If you increase the loglevel you should see the log in zitadel stdout as well.
You can also enable this to log the http calls to stdout https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml#L609
FHm that is odd, we have logging enabled in our cloud and it works.
Can you share your config?
Can you share your config?