Deploying a reverse proxy to PostHog Cloud

Last updated:

Why use a reverse proxy?

You'll want to use a reverse proxy if you want to use PostHog Cloud but still want tracking data to be sent first to your domain, then to us. This helps with tracker blockers or if you have migrated or are migrating off of PostHog open source hosted locally to PostHog Cloud.

Deploying a reverse proxy

Using Caddy

We like using Caddy because it makes setting up the reverse proxy and TLS a breeze.

docker run -p 80:80 -p 443:443 caddy caddy reverse-proxy --to p.posthog.com:443 --from <YOUR_TRACKING_DOMAIN>

You'll want to sub out YOUR_TRACKING_DOMAIN for whatever domain you use for proxying to PostHog. We'd suggest something like e.yourdomain.com or the like.

Using AWS CloudFront

CloudFront can be used as a reverse proxy. Although there are multiple other options if you're using AWS

NB Cloudfront doesn't forward headers, cookies, or query parameters received from the origin by default. PostHog uses query parameters in its URLs. You need an "origin request policy" as in the instructions below.

Create a distribution

  1. Create a CloudFront distribution
  2. Set the origin domain to your PostHog instance. app.posthog.com for PostHog cloud.
  3. Allow all HTTP methods
  4. Create, and attach to the distribution, an "origin request policy" that forwards all query parameters
  5. Choose the appropriate price class for your use
  6. Once the distribution is deployed set its URL as the api host in your JS snippet or SDK config

You can find out about CloudFront pricing on the AWS website

Summary

That's it! A few resources here will go a long way. Reach out if you hit any snags!

Ask a question