InvenTree is a powerful open-source inventory management system, but like many self-hosted tools, it can be sensitive to reverse proxy setups—especially after updates.

Recently, after updating InvenTree, I encountered an authentication issue that broke the web interface when served behind a reverse proxy. Here's a breakdown of what happened, how I originally configured it, and the new setting that resolved the issue. 🧵

🔍 The Problem

After updating InvenTree, I was suddenly locked out via the reverse proxy. The interface either wouldn't load or would throw vague authentication/session errors, even though everything had worked perfectly before.

This was a classic case of a breaking change introduced in an update—one that silently relies on a now-required config setting.

⚙️ Original Setup

When I first deployed InvenTree, I ran into some proxy-related issues. Here's how I got it working initially:

✅ Config config.yml Adjustments

bind_address: 192.168.1.10:8000  # Replaced 0.0.0.0 to work behind proxy
allowed_hosts:
  - "*"  # Can be tightened to your domain later

🖥 Base URL in GUI

I also set the base_url inside the InvenTree GUI config, which was enough to get the app reverse-proxy friendly at the time.

Everything worked well until the recent update... 😑

🚨 Post-Update Issue

After upgrading, InvenTree started requiring an additional setting:
site_url must be explicitly set in config.yml.

Without this, you might experience:

  • Authentication/session failures
  • Missing redirects or broken links
  • General instability when served through a reverse proxy

✅ The Fix

Here’s what solved it for me:

✍️ Add site_url to config.yml

site_url: https://inventree.domain.com

Make sure it matches the public-facing domain you're using behind your reverse proxy.

🔄 Restart InvenTree

If you're using Docker:

docker-compose restart

Or if you're running it as a service:

systemctl restart inventree

📌 Recap

  • Ensure bind_address is set to your host IP (not 0.0.0.0)
  • Set allowed_hosts appropriately (* for all, or specify your domain)
  • Define site_url in config.yml
  • Restart the service/container

💡 Final Thoughts

Reverse proxy setups can be finicky, and even minor version bumps can change how an app handles headers or trusted origins. Always check the InvenTree documentation and changelogs when things break post-update.

If this post saved you some hair-pulling, consider bookmarking it or sharing it with someone else who might run into the same issue.

📝 Like this post?
Read more real-world DevOps and self-hosting stories at:
👉 blog.opensourceitsolutions.co.uk