Apache reverse proxy gets redirectionApache reverse proxy: Change protocol in links and form targets from http to httpsnginx + varnish + apache differente IPs in VirtualHost ApacheHow to handle serlvet login redirects which cross reverse proxy virtual host boundaryeXist-db: can't start webstart client on a closed port, reverse proxied via apacheConnection refused HTTPS on ApacheHTTPS reverse proxy using apacheCorrect Apache reverse proxy config with SSL for Jenkins and SonarReverse Proxy with https redirect in LighttpdApache reverse proxy to docker containerHow to redirect nginx from http to https behind an apache reverse proxy?

Why would Ryanair allow me to book this journey through a third party, but not through their own website?

Apt - strange requests to d16r8ew072anqo.cloudfront.net:80

Python program to take in two strings and print the larger string

Need to read my home electrical meter

Of strange atmospheres - the survivable but unbreathable

Defining the standard model of PA so that a space alien could understand

How to cut a climbing rope?

My players want to grind XP but we're using milestone advancement

Is the Unsullied name meant to be ironic? How did it come to be?

In the 3D Zeldas, is it faster to roll or to simply walk?

Is it rude to call a professor by their last name with no prefix in a non-academic setting?

Specifying background color seen through semi-transparent surface

Did 20% of US soldiers in Vietnam use heroin, 95% of whom quit afterwards?

What is a Power on Reset IC?

Can I summon an otherworldly creature with the Gate spell without knowing its true name?

Popcorn is the only acceptable snack to consume while watching a movie

Do photons bend spacetime or not?

Find the three digit Prime number P from the given unusual relationships

In general, would I need to season a meat when making a sauce?

How should I introduce map drawing to my players?

Using credit/debit card details vs swiping a card in a payment (credit card) terminal

A steel cutting sword?

How to politely tell someone they did not hit "reply to all" in an email?

When the Torah was almost lost and one (or several) Rabbis saved it?



Apache reverse proxy gets redirection


Apache reverse proxy: Change protocol in links and form targets from http to httpsnginx + varnish + apache differente IPs in VirtualHost ApacheHow to handle serlvet login redirects which cross reverse proxy virtual host boundaryeXist-db: can't start webstart client on a closed port, reverse proxied via apacheConnection refused HTTPS on ApacheHTTPS reverse proxy using apacheCorrect Apache reverse proxy config with SSL for Jenkins and SonarReverse Proxy with https redirect in LighttpdApache reverse proxy to docker containerHow to redirect nginx from http to https behind an apache reverse proxy?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








-1















I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



NameVirtualHost 10.16.10.245:9443
Listen 10.16.10.245:9443

<VirtualHost 10.16.10.245:9443>
 ServerName proxy.lan:9443

 SSLEngine on
 ...

 TraceEnable off

 SSLProxyEngine on
 ProxyPreserveHost On
 ProxyRequests Off
 ProxyVia full
 ProxyPass / http://localhost/
 ProxyPassReverse / http://localhost/
</VirtualHost>


Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



client -> https://proxy.lan:443 -> http://localhost = success
client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



# wget --no-check-certificate -vS https://proxy.lan:9443
--2019-05-12 02:51:37-- https://proxy.lan:9443/
Resolving proxy.lan (proxy.lan)... 10.10.254.186
Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
WARNING: cannot verify proxy.lan's certificate, issued by '...':
 Self-signed certificate encountered.
 WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
HTTP request sent, awaiting response... 
 HTTP/1.1 302 Found
 Date: Sat, 11 May 2019 23:51:37 GMT
 Server: Apache
 Expires: Thu, 19 Nov 1981 08:52:00 GMT
 Cache-Control: no-cache, no-store, must-revalidate
 Pragma: no-cache
 Location: https://proxy.lan/auth/login
 X-Frame-Options: DENY
 X-XSS-Protection: 1; mode=block
 X-Content-Type-Options: nosniff
 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
 Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
 X-Permitted-Cross-Domain-Policies: none
 Content-Length: 0
 Content-Type: text/html; charset=UTF-8
 Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
 Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
 Connection: close
Location: https://proxy.lan/auth/login [following]
--2019-05-12 02:51:37-- https://proxy.lan/auth/login
Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
Resolving proxy.lan (proxy.lan)... 10.10.254.186
Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



Apache environment looks like this:



HTTP_HOST proxy.lan:9443
HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
HTTP_X_FORWARDED_FOR 10.100.0.30
HTTP_X_FORWARDED_HOST proxy.lan:9443
HTTP_X_FORWARDED_SERVER proxy.lan
HTTP_CONNECTION Keep-Alive
SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
SERVER_NAME proxy.lan
SERVER_ADDR ::1
SERVER_PORT 9443
REMOTE_ADDR ::1
...


Any ideas what can be done on the proxy side? Some rewrite rules maybe?






apache-2.2 web-server reverse-proxy redirect







share|improve this question






























    -1















    I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



    NameVirtualHost 10.16.10.245:9443
    Listen 10.16.10.245:9443

    <VirtualHost 10.16.10.245:9443>
     ServerName proxy.lan:9443

     SSLEngine on
     ...

     TraceEnable off

     SSLProxyEngine on
     ProxyPreserveHost On
     ProxyRequests Off
     ProxyVia full
     ProxyPass / http://localhost/
     ProxyPassReverse / http://localhost/
    </VirtualHost>


    Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



    client -> https://proxy.lan:443 -> http://localhost = success
    client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


    The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



    # wget --no-check-certificate -vS https://proxy.lan:9443
    --2019-05-12 02:51:37-- https://proxy.lan:9443/
    Resolving proxy.lan (proxy.lan)... 10.10.254.186
    Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
    WARNING: cannot verify proxy.lan's certificate, issued by '...':
     Self-signed certificate encountered.
     WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
    HTTP request sent, awaiting response... 
     HTTP/1.1 302 Found
     Date: Sat, 11 May 2019 23:51:37 GMT
     Server: Apache
     Expires: Thu, 19 Nov 1981 08:52:00 GMT
     Cache-Control: no-cache, no-store, must-revalidate
     Pragma: no-cache
     Location: https://proxy.lan/auth/login
     X-Frame-Options: DENY
     X-XSS-Protection: 1; mode=block
     X-Content-Type-Options: nosniff
     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
     Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
     X-Permitted-Cross-Domain-Policies: none
     Content-Length: 0
     Content-Type: text/html; charset=UTF-8
     Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
     Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
     Connection: close
    Location: https://proxy.lan/auth/login [following]
    --2019-05-12 02:51:37-- https://proxy.lan/auth/login
    Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
    Resolving proxy.lan (proxy.lan)... 10.10.254.186
    Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


    I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



    Apache environment looks like this:



    HTTP_HOST proxy.lan:9443
    HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
    HTTP_X_FORWARDED_FOR 10.100.0.30
    HTTP_X_FORWARDED_HOST proxy.lan:9443
    HTTP_X_FORWARDED_SERVER proxy.lan
    HTTP_CONNECTION Keep-Alive
    SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
    SERVER_NAME proxy.lan
    SERVER_ADDR ::1
    SERVER_PORT 9443
    REMOTE_ADDR ::1
    ...


    Any ideas what can be done on the proxy side? Some rewrite rules maybe?






    apache-2.2 web-server reverse-proxy redirect







    share|improve this question


























      -1












      -1








      -1








      I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



      NameVirtualHost 10.16.10.245:9443
      Listen 10.16.10.245:9443

      <VirtualHost 10.16.10.245:9443>
       ServerName proxy.lan:9443

       SSLEngine on
       ...

       TraceEnable off

       SSLProxyEngine on
       ProxyPreserveHost On
       ProxyRequests Off
       ProxyVia full
       ProxyPass / http://localhost/
       ProxyPassReverse / http://localhost/
      </VirtualHost>


      Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



      client -> https://proxy.lan:443 -> http://localhost = success
      client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


      The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



      # wget --no-check-certificate -vS https://proxy.lan:9443
      --2019-05-12 02:51:37-- https://proxy.lan:9443/
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
      WARNING: cannot verify proxy.lan's certificate, issued by '...':
       Self-signed certificate encountered.
       WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
      HTTP request sent, awaiting response... 
       HTTP/1.1 302 Found
       Date: Sat, 11 May 2019 23:51:37 GMT
       Server: Apache
       Expires: Thu, 19 Nov 1981 08:52:00 GMT
       Cache-Control: no-cache, no-store, must-revalidate
       Pragma: no-cache
       Location: https://proxy.lan/auth/login
       X-Frame-Options: DENY
       X-XSS-Protection: 1; mode=block
       X-Content-Type-Options: nosniff
       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
       Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
       X-Permitted-Cross-Domain-Policies: none
       Content-Length: 0
       Content-Type: text/html; charset=UTF-8
       Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
       Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
       Connection: close
      Location: https://proxy.lan/auth/login [following]
      --2019-05-12 02:51:37-- https://proxy.lan/auth/login
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


      I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



      Apache environment looks like this:



      HTTP_HOST proxy.lan:9443
      HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
      HTTP_X_FORWARDED_FOR 10.100.0.30
      HTTP_X_FORWARDED_HOST proxy.lan:9443
      HTTP_X_FORWARDED_SERVER proxy.lan
      HTTP_CONNECTION Keep-Alive
      SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
      SERVER_NAME proxy.lan
      SERVER_ADDR ::1
      SERVER_PORT 9443
      REMOTE_ADDR ::1
      ...


      Any ideas what can be done on the proxy side? Some rewrite rules maybe?






      apache-2.2 web-server reverse-proxy redirect







      share|improve this question
















      I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



      NameVirtualHost 10.16.10.245:9443
      Listen 10.16.10.245:9443

      <VirtualHost 10.16.10.245:9443>
       ServerName proxy.lan:9443

       SSLEngine on
       ...

       TraceEnable off

       SSLProxyEngine on
       ProxyPreserveHost On
       ProxyRequests Off
       ProxyVia full
       ProxyPass / http://localhost/
       ProxyPassReverse / http://localhost/
      </VirtualHost>


      Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



      client -> https://proxy.lan:443 -> http://localhost = success
      client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


      The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



      # wget --no-check-certificate -vS https://proxy.lan:9443
      --2019-05-12 02:51:37-- https://proxy.lan:9443/
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
      WARNING: cannot verify proxy.lan's certificate, issued by '...':
       Self-signed certificate encountered.
       WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
      HTTP request sent, awaiting response... 
       HTTP/1.1 302 Found
       Date: Sat, 11 May 2019 23:51:37 GMT
       Server: Apache
       Expires: Thu, 19 Nov 1981 08:52:00 GMT
       Cache-Control: no-cache, no-store, must-revalidate
       Pragma: no-cache
       Location: https://proxy.lan/auth/login
       X-Frame-Options: DENY
       X-XSS-Protection: 1; mode=block
       X-Content-Type-Options: nosniff
       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
       Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
       X-Permitted-Cross-Domain-Policies: none
       Content-Length: 0
       Content-Type: text/html; charset=UTF-8
       Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
       Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
       Connection: close
      Location: https://proxy.lan/auth/login [following]
      --2019-05-12 02:51:37-- https://proxy.lan/auth/login
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


      I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



      Apache environment looks like this:



      HTTP_HOST proxy.lan:9443
      HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
      HTTP_X_FORWARDED_FOR 10.100.0.30
      HTTP_X_FORWARDED_HOST proxy.lan:9443
      HTTP_X_FORWARDED_SERVER proxy.lan
      HTTP_CONNECTION Keep-Alive
      SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
      SERVER_NAME proxy.lan
      SERVER_ADDR ::1
      SERVER_PORT 9443
      REMOTE_ADDR ::1
      ...


      Any ideas what can be done on the proxy side? Some rewrite rules maybe?






      apache-2.2 web-server reverse-proxy redirect




      apache-2.2 web-server reverse-proxy redirect






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited May 12 at 10:21







      Fmy Oen

















      asked May 12 at 0:59









      Fmy OenFmy Oen

      29125




      29125




















          1 Answer
          1






          active

          oldest

          votes


















          0














          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer























          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16











          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "2"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966881%2fapache-reverse-proxy-gets-redirection%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer























          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16















          0














          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer























          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16













          0












          0








          0







          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer













          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered May 12 at 11:57









          kubanczykkubanczyk

          10.8k42946




          10.8k42946












          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16

















          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16
















          Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

          – Fmy Oen
          May 13 at 13:54






          Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

          – Fmy Oen
          May 13 at 13:54














          I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

          – kubanczyk
          May 13 at 19:54






          I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

          – kubanczyk
          May 13 at 19:54














          Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

          – Fmy Oen
          May 14 at 8:53





          Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

          – Fmy Oen
          May 14 at 8:53













          The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

          – kubanczyk
          May 14 at 12:16





          The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

          – kubanczyk
          May 14 at 12:16

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966881%2fapache-reverse-proxy-gets-redirection%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

          Image
          Barça LassaBAXI ManresaCafés Candelas BreogánDelteco GBCDivina Seguros JoventutHerbalife Gran CanariaIberostar TenerifeKirolbet BaskoniaMonbus ObradoiroMontakit FuenlabradaMoraBanc AndorraMovistar EstudiantesReal MadridSan Pablo BurgosTecnyconta ZaragozaUCAM MurciaUnicajaValencia Basket Club Baloncesto Breogán baloncestoLugoGalicia1966JuanJosé Ramón Varela Portasmáxima categoría1970competicións europeasLiga ACBPavillón MunicipalPazo dos DeportesJesús Lázareliga EBAClub Estudiantes1965Lugobaloncestosegunda divisiónJosé RamónJuan Varela-Portas y Pardo1966Celestino Fernández de la Vega196869primeira divisiónZaragozaprimeira divisiónReal MadridJoventutEstudiantes19701971máxima categoría estatal11 de outubro1970Palacio dos DeportesLugoTenerifeMadridReal MadridAlfredo PérezBreogán19711972TenerifeMadridvascocatalánAlfredo PérezespañolMadridLugoManresa La Casera19741975As...
          Read more

          Vilaño, A Laracha Índice Patrimonio | Lugares e parroquias | Véxase tamén | Menú de navegación43°14′52″N 8°36′03″O / 43.24775, -8.60070

          Image
          Parroquias da LarachaParroquias de Galicia baixo a advocación de Santiago o Maior coruñésLarachacomarca de BergantiñosIGE20131999castro de Montesclarospoboado castrexoidade de ferroromanización de Galiciamiliariopazo de Montesclarosséculo XIXAmboadeA AreosaA BarreiraBos AiresA BoticaAs Brañas da ViñaAs BrañasBusteloOs CanedosFerreirosAs FervenzasA Fonte da CanleO FormigueiroFornelosA FragaFragundeGravidoA LamelaMarfuloOs MeánsMontes ClarosA PanelaO PazoQuintánsRibelaSamiroO SeixoA TelleiraVilañoVilanovaA ViñaVista AlegreCabovilaño (San Román)Caión (Santa María do Socorro)Coiro (San Xián)Erboedo (Santa María)Golmar (San Bieito)Lemaio (Santa Mariña)Lendo (San Xián)Lestón (San Martiño)Montemaior (Santa María Madanela)Soandres (San Pedro)Soutullo (Santa María)Torás (Santa María)Vilaño (Santiago) Vilaño, A Laracha Na Galipedia, a Wi...
          Read more

          Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020

          Image
          OftalmoloxíaDiscapacidade sentidovistaNorteaméricaEuropaollopaíses en vías de desenvolvementopaíses desenvolvidos2014Organización Mundial da SaúdeGaliciaretinopatía diabéticaglaucomaresto visualagudeza visualcampo visualterapia xénicaretinavirus do arrefriado comúncanadestradoséculo XIXLouis Brailleteclado brailleescáneresrecoñecemento óptico de caractereslectores de pantallacorsinestesiafrauta doceamareloclarineteazultamboresvermellopianoverdeSistema Constanzsemáforocans guíaBrailletactosoftwaretactoeuroAvuiséculo XXUnión SoviéticaFranciaItaliaInglaterraNataciónatletismociclismojudoesquífútbol salamontañismoxadrezgoalballsociedademúsicosindixentesprofetassabiosoídotactomúsicarisatactooídolinguaxePiaget (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u0...
          Read more