Add setting and documentation for fixing CSRF errors (#349)

* Add documentation and setting for solving CSRF errors

* Improve proxy setup docs

* Link to reverse proxy documentation

* Fix link

README.md

@@ -12,6 +12,7 @@
     - [Using Docker](#using-docker)
     - [Using Docker Compose](#using-docker-compose)
     - [User Setup](#user-setup)
+    - [Reverse Proxy Setup](#reverse-proxy-setup)
     - [Managed Hosting Options](#managed-hosting-options)
 - [Documentation](#documentation)
 - [Browser Extension](#browser-extension)
@@ -96,6 +97,46 @@ docker-compose exec linkding python manage.py createsuperuser --username=joe --e
 
 The command will prompt you for a secure password. After the command has completed you can start using the application by logging into the UI with your credentials.
 
+### Reverse Proxy Setup
+
+When using a reverse proxy, such as Nginx or Apache, you may need to configure your proxy to correctly forward the `Host` header to linkding, otherwise certain requests, such as login, might fail.
+
+<details>
+<summary>Apache</summary>
+
+Not tested yet.
+If you figure out a working setup, feel free to contribute it here.
+
+In the meanwhile, use the [`LD_CSRF_TRUSTED_ORIGINS` option](docs/Options.md#LD_CSRF_TRUSTED_ORIGINS).
+
+</details>
+
+<details>
+<summary>Caddy 2</summary>
+
+Caddy does not change the headers by default, and should not need any further configuration.
+
+If you still run into CSRF issues, please check out the [`LD_CSRF_TRUSTED_ORIGINS` option](docs/Options.md#LD_CSRF_TRUSTED_ORIGINS).
+
+</details>
+
+<details>
+<summary>Nginx</summary>
+
+Nginx by default rewrites the `Host` header to whatever URL is used in the `proxy_pass` directive.
+To forward the correct headers to linkding, add the following directives to the location block of your Nginx config:
+```
+location /linkding {
+    ...
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+```
+
+</details>
+
+Instead of configuring header forwarding in your proxy, you can also configure the URL from which you want to access your linkding instance with the  [`LD_CSRF_TRUSTED_ORIGINS` option](docs/Options.md#LD_CSRF_TRUSTED_ORIGINS).
+
 ### Managed Hosting Options
 
 Self-hosting web applications on your own hardware (unfortunately) still requires a lot of technical know-how, and commitment to maintenance, with regard to keeping everything up-to-date and secure. This can be a huge entry barrier for people who are interested in self-hosting linkding, but lack the technical knowledge to do so. This section is intended to provide alternatives in form of managed hosting solutions. Note that these options are usually commercial offerings, that require paying a (usually monthly) fee for the convenience of being managed by another party. The technical knowledge required to make use of individual options is going to vary, and no guarantees can be made that every option is accessible for everyone. That being said, I hope this section helps in making the application accessible to a wider audience.