Apache reverse proxy gets redirectionApache reverse proxy: Change protocol in links and form targets from http to httpsnginx + varnish + apache differente IPs in VirtualHost ApacheHow to handle serlvet login redirects which cross reverse proxy virtual host boundaryeXist-db: can't start webstart client on a closed port, reverse proxied via apacheConnection refused HTTPS on ApacheHTTPS reverse proxy using apacheCorrect Apache reverse proxy config with SSL for Jenkins and SonarReverse Proxy with https redirect in LighttpdApache reverse proxy to docker containerHow to redirect nginx from http to https behind an apache reverse proxy?

Why would Ryanair allow me to book this journey through a third party, but not through their own website?

Apt - strange requests to d16r8ew072anqo.cloudfront.net:80

Python program to take in two strings and print the larger string

Need to read my home electrical meter

Of strange atmospheres - the survivable but unbreathable

Defining the standard model of PA so that a space alien could understand

How to cut a climbing rope?

My players want to grind XP but we're using milestone advancement

Is the Unsullied name meant to be ironic? How did it come to be?

In the 3D Zeldas, is it faster to roll or to simply walk?

Is it rude to call a professor by their last name with no prefix in a non-academic setting?

Specifying background color seen through semi-transparent surface

Did 20% of US soldiers in Vietnam use heroin, 95% of whom quit afterwards?

What is a Power on Reset IC?

Can I summon an otherworldly creature with the Gate spell without knowing its true name?

Popcorn is the only acceptable snack to consume while watching a movie

Do photons bend spacetime or not?

Find the three digit Prime number P from the given unusual relationships

In general, would I need to season a meat when making a sauce?

How should I introduce map drawing to my players?

Using credit/debit card details vs swiping a card in a payment (credit card) terminal

A steel cutting sword?

How to politely tell someone they did not hit "reply to all" in an email?

When the Torah was almost lost and one (or several) Rabbis saved it?



Apache reverse proxy gets redirection


Apache reverse proxy: Change protocol in links and form targets from http to httpsnginx + varnish + apache differente IPs in VirtualHost ApacheHow to handle serlvet login redirects which cross reverse proxy virtual host boundaryeXist-db: can't start webstart client on a closed port, reverse proxied via apacheConnection refused HTTPS on ApacheHTTPS reverse proxy using apacheCorrect Apache reverse proxy config with SSL for Jenkins and SonarReverse Proxy with https redirect in LighttpdApache reverse proxy to docker containerHow to redirect nginx from http to https behind an apache reverse proxy?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








-1















I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



NameVirtualHost 10.16.10.245:9443
Listen 10.16.10.245:9443

<VirtualHost 10.16.10.245:9443>
 ServerName proxy.lan:9443

 SSLEngine on
 ...

 TraceEnable off

 SSLProxyEngine on
 ProxyPreserveHost On
 ProxyRequests Off
 ProxyVia full
 ProxyPass / http://localhost/
 ProxyPassReverse / http://localhost/
</VirtualHost>


Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



client -> https://proxy.lan:443 -> http://localhost = success
client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



# wget --no-check-certificate -vS https://proxy.lan:9443
--2019-05-12 02:51:37-- https://proxy.lan:9443/
Resolving proxy.lan (proxy.lan)... 10.10.254.186
Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
WARNING: cannot verify proxy.lan's certificate, issued by '...':
 Self-signed certificate encountered.
 WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
HTTP request sent, awaiting response... 
 HTTP/1.1 302 Found
 Date: Sat, 11 May 2019 23:51:37 GMT
 Server: Apache
 Expires: Thu, 19 Nov 1981 08:52:00 GMT
 Cache-Control: no-cache, no-store, must-revalidate
 Pragma: no-cache
 Location: https://proxy.lan/auth/login
 X-Frame-Options: DENY
 X-XSS-Protection: 1; mode=block
 X-Content-Type-Options: nosniff
 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
 Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
 X-Permitted-Cross-Domain-Policies: none
 Content-Length: 0
 Content-Type: text/html; charset=UTF-8
 Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
 Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
 Connection: close
Location: https://proxy.lan/auth/login [following]
--2019-05-12 02:51:37-- https://proxy.lan/auth/login
Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
Resolving proxy.lan (proxy.lan)... 10.10.254.186
Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



Apache environment looks like this:



HTTP_HOST proxy.lan:9443
HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
HTTP_X_FORWARDED_FOR 10.100.0.30
HTTP_X_FORWARDED_HOST proxy.lan:9443
HTTP_X_FORWARDED_SERVER proxy.lan
HTTP_CONNECTION Keep-Alive
SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
SERVER_NAME proxy.lan
SERVER_ADDR ::1
SERVER_PORT 9443
REMOTE_ADDR ::1
...


Any ideas what can be done on the proxy side? Some rewrite rules maybe?






apache-2.2 web-server reverse-proxy redirect







share|improve this question






























    -1















    I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



    NameVirtualHost 10.16.10.245:9443
    Listen 10.16.10.245:9443

    <VirtualHost 10.16.10.245:9443>
     ServerName proxy.lan:9443

     SSLEngine on
     ...

     TraceEnable off

     SSLProxyEngine on
     ProxyPreserveHost On
     ProxyRequests Off
     ProxyVia full
     ProxyPass / http://localhost/
     ProxyPassReverse / http://localhost/
    </VirtualHost>


    Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



    client -> https://proxy.lan:443 -> http://localhost = success
    client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


    The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



    # wget --no-check-certificate -vS https://proxy.lan:9443
    --2019-05-12 02:51:37-- https://proxy.lan:9443/
    Resolving proxy.lan (proxy.lan)... 10.10.254.186
    Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
    WARNING: cannot verify proxy.lan's certificate, issued by '...':
     Self-signed certificate encountered.
     WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
    HTTP request sent, awaiting response... 
     HTTP/1.1 302 Found
     Date: Sat, 11 May 2019 23:51:37 GMT
     Server: Apache
     Expires: Thu, 19 Nov 1981 08:52:00 GMT
     Cache-Control: no-cache, no-store, must-revalidate
     Pragma: no-cache
     Location: https://proxy.lan/auth/login
     X-Frame-Options: DENY
     X-XSS-Protection: 1; mode=block
     X-Content-Type-Options: nosniff
     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
     Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
     X-Permitted-Cross-Domain-Policies: none
     Content-Length: 0
     Content-Type: text/html; charset=UTF-8
     Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
     Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
     Connection: close
    Location: https://proxy.lan/auth/login [following]
    --2019-05-12 02:51:37-- https://proxy.lan/auth/login
    Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
    Resolving proxy.lan (proxy.lan)... 10.10.254.186
    Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


    I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



    Apache environment looks like this:



    HTTP_HOST proxy.lan:9443
    HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
    HTTP_X_FORWARDED_FOR 10.100.0.30
    HTTP_X_FORWARDED_HOST proxy.lan:9443
    HTTP_X_FORWARDED_SERVER proxy.lan
    HTTP_CONNECTION Keep-Alive
    SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
    SERVER_NAME proxy.lan
    SERVER_ADDR ::1
    SERVER_PORT 9443
    REMOTE_ADDR ::1
    ...


    Any ideas what can be done on the proxy side? Some rewrite rules maybe?






    apache-2.2 web-server reverse-proxy redirect







    share|improve this question


























      -1












      -1








      -1








      I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



      NameVirtualHost 10.16.10.245:9443
      Listen 10.16.10.245:9443

      <VirtualHost 10.16.10.245:9443>
       ServerName proxy.lan:9443

       SSLEngine on
       ...

       TraceEnable off

       SSLProxyEngine on
       ProxyPreserveHost On
       ProxyRequests Off
       ProxyVia full
       ProxyPass / http://localhost/
       ProxyPassReverse / http://localhost/
      </VirtualHost>


      Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



      client -> https://proxy.lan:443 -> http://localhost = success
      client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


      The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



      # wget --no-check-certificate -vS https://proxy.lan:9443
      --2019-05-12 02:51:37-- https://proxy.lan:9443/
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
      WARNING: cannot verify proxy.lan's certificate, issued by '...':
       Self-signed certificate encountered.
       WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
      HTTP request sent, awaiting response... 
       HTTP/1.1 302 Found
       Date: Sat, 11 May 2019 23:51:37 GMT
       Server: Apache
       Expires: Thu, 19 Nov 1981 08:52:00 GMT
       Cache-Control: no-cache, no-store, must-revalidate
       Pragma: no-cache
       Location: https://proxy.lan/auth/login
       X-Frame-Options: DENY
       X-XSS-Protection: 1; mode=block
       X-Content-Type-Options: nosniff
       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
       Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
       X-Permitted-Cross-Domain-Policies: none
       Content-Length: 0
       Content-Type: text/html; charset=UTF-8
       Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
       Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
       Connection: close
      Location: https://proxy.lan/auth/login [following]
      --2019-05-12 02:51:37-- https://proxy.lan/auth/login
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


      I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



      Apache environment looks like this:



      HTTP_HOST proxy.lan:9443
      HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
      HTTP_X_FORWARDED_FOR 10.100.0.30
      HTTP_X_FORWARDED_HOST proxy.lan:9443
      HTTP_X_FORWARDED_SERVER proxy.lan
      HTTP_CONNECTION Keep-Alive
      SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
      SERVER_NAME proxy.lan
      SERVER_ADDR ::1
      SERVER_PORT 9443
      REMOTE_ADDR ::1
      ...


      Any ideas what can be done on the proxy side? Some rewrite rules maybe?






      apache-2.2 web-server reverse-proxy redirect







      share|improve this question
















      I'm trying to set up Apache as a reverse proxy. Here is the essential part of its configuration:



      NameVirtualHost 10.16.10.245:9443
      Listen 10.16.10.245:9443

      <VirtualHost 10.16.10.245:9443>
       ServerName proxy.lan:9443

       SSLEngine on
       ...

       TraceEnable off

       SSLProxyEngine on
       ProxyPreserveHost On
       ProxyRequests Off
       ProxyVia full
       ProxyPass / http://localhost/
       ProxyPassReverse / http://localhost/
      </VirtualHost>


      Note, that the proxy is listening on a non standard port 9443. When I use a dummy page showing phpinfo as a backend everything works as expected. However the site I need to put behind the proxy is either too strictly or too poorly written, so the behaivior changes like this:



      client -> https://proxy.lan:443 -> http://localhost = success
      client -> https://proxy.lan:<ANY_OTHER_PORT> -> http://localhost = wrong redirect


      The client gets redirected from https://proxy.lan:9443/ to https://proxy.lan/auth/login and obviously proxy can't serve the request cause it doesn't listen on port 443:



      # wget --no-check-certificate -vS https://proxy.lan:9443
      --2019-05-12 02:51:37-- https://proxy.lan:9443/
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:9443... connected.
      WARNING: cannot verify proxy.lan's certificate, issued by '...':
       Self-signed certificate encountered.
       WARNING: certificate common name 'backend.lan' doesn't match requested host name 'proxy.lan'.
      HTTP request sent, awaiting response... 
       HTTP/1.1 302 Found
       Date: Sat, 11 May 2019 23:51:37 GMT
       Server: Apache
       Expires: Thu, 19 Nov 1981 08:52:00 GMT
       Cache-Control: no-cache, no-store, must-revalidate
       Pragma: no-cache
       Location: https://proxy.lan/auth/login
       X-Frame-Options: DENY
       X-XSS-Protection: 1; mode=block
       X-Content-Type-Options: nosniff
       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
       Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
       X-Permitted-Cross-Domain-Policies: none
       Content-Length: 0
       Content-Type: text/html; charset=UTF-8
       Set-Cookie: PHPSESSID=...; path=/; secure; HttpOnly
       Via: 1.1 proxy.lan:9443 (Apache/2.2.31)
       Connection: close
      Location: https://proxy.lan/auth/login [following]
      --2019-05-12 02:51:37-- https://proxy.lan/auth/login
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.
      Resolving proxy.lan (proxy.lan)... 10.10.254.186
      Connecting to proxy.lan (proxy.lan)|10.10.254.186|:443... failed: Connection refused.


      I can manually add the port to the resulting URL and https://proxy.lan:9443/auth/login works except for all links on the page pointing to https://proxy.lan/...



      Apache environment looks like this:



      HTTP_HOST proxy.lan:9443
      HTTP_VIA 1.1 proxy.lan:9443 (Apache/2.2.31)
      HTTP_X_FORWARDED_FOR 10.100.0.30
      HTTP_X_FORWARDED_HOST proxy.lan:9443
      HTTP_X_FORWARDED_SERVER proxy.lan
      HTTP_CONNECTION Keep-Alive
      SERVER_SIGNATURE <address>Apache Server at proxy.lan Port 9443</address>
      SERVER_NAME proxy.lan
      SERVER_ADDR ::1
      SERVER_PORT 9443
      REMOTE_ADDR ::1
      ...


      Any ideas what can be done on the proxy side? Some rewrite rules maybe?






      apache-2.2 web-server reverse-proxy redirect




      apache-2.2 web-server reverse-proxy redirect






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited May 12 at 10:21







      Fmy Oen

















      asked May 12 at 0:59









      Fmy OenFmy Oen

      29125




      29125




















          1 Answer
          1






          active

          oldest

          votes


















          0














          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer























          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16











          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "2"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966881%2fapache-reverse-proxy-gets-redirection%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer























          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16















          0














          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer























          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16













          0












          0








          0







          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.






          share|improve this answer













          The ProxyPreserveHost on is causing this. If you are not sure-sure that you need it, always leave it at default off and you are good.



          For the rare cases when you do need ProxyPreserveHost on, adjust your ProxyPassReverse wisely - this is the only directive that handles the redirects.



          ProxyPassReverse / http://localhost/ looks wrong in your scenario, because your backend (the 80 app) doesn't seem to say "I redirect you to http://localhost/foo/bar" anywhere. If you put ProxyPassReverse / https://proxy.lan/ there is a chance it will work better - check the official docs.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered May 12 at 11:57









          kubanczykkubanczyk

          10.8k42946




          10.8k42946












          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16

















          • Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

            – Fmy Oen
            May 13 at 13:54












          • I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

            – kubanczyk
            May 13 at 19:54












          • Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

            – Fmy Oen
            May 14 at 8:53











          • The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

            – kubanczyk
            May 14 at 12:16
















          Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

          – Fmy Oen
          May 13 at 13:54






          Thanks a lot @kubanczyk. Your version of ProxyPassReverse helped me to set the port right, although I can't say I understand clearly why it works. As for ProxyPreserveHost directive, it still set to on. In case it's off I get redirect to localhost/auth/login. I also installed mod_proxy_html to remap paths in resulting page ProxyHTMLEnable On; ProxyHTMLURLMap https://proxy.lan/ https://proxy.lan:9443/ and that concludes my setup.

          – Fmy Oen
          May 13 at 13:54














          I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

          – kubanczyk
          May 13 at 19:54






          I think if you use curl -v http://localhost and pay attention to the Host: header and the Location: header, you'll understand what the ProxyPassReverse does. It's a simple textual replacement. @FmyOen

          – kubanczyk
          May 13 at 19:54














          Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

          – Fmy Oen
          May 14 at 8:53





          Can you also explain the idea behind ProxyPreserveHost Off? Currently it looks for me like a total no-go, at least without applying some rewrite rules.

          – Fmy Oen
          May 14 at 8:53













          The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

          – kubanczyk
          May 14 at 12:16





          The idea is to behave as a normal http client, i.e. use header Host: localhost when talking to url http://localhost/

          – kubanczyk
          May 14 at 12:16

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966881%2fapache-reverse-proxy-gets-redirection%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Wikipedia:Vital articles Мазмуну Biography - Өмүр баян Philosophy and psychology - Философия жана психология Religion - Дин Social sciences - Коомдук илимдер Language and literature - Тил жана адабият Science - Илим Technology - Технология Arts and recreation - Искусство жана эс алуу History and geography - Тарых жана география Навигация менюсу

          Image
          centralized watchlist Wikipedia:Vital articles Wikipedia дан Jump to navigation Jump to search This is a list of basic subjects for which Wikipedia should have a corresponding high-quality article, and ideally a featured article. It also serves as a centralized watchlist and tracks the status of some of Wikipedia's most essential articles. Ideally this page should list approximately 1,000 of the most vital Wikipedia articles. Мазмуну 1 Biography - Өмүр баян 1.1 Actors, dancers and models - Актёрлор, бийчилер жана моделдер 1.2 Artists and architects - Сүрөтчүлөр жана архитекторлор 1.3 Authors, playwrights and poets - Жазуучулар, драматургдар жана акындар 1.4 Composers and musicians - Композиторлор жана музыканттар 1.5 Explorers and travelers - Изилдөөчүлөр менен саякатчылар 1.6 Film directors and screenwriters - Режиссёрлор жана сценаристтер 1.7 Inventors, scientists and mathematicians - Ойлоп табуучулар, окумуштуулар жана математиктер
          Read more

          Bruxelas-Capital Índice Historia | Composición | Situación lingüística | Clima | Cidades irmandadas | Notas | Véxase tamén | Menú de navegacióneO uso das linguas en Bruxelas e a situación do neerlandés"Rexión de Bruxelas Capital"o orixinalSitio da rexiónPáxina de Bruselas no sitio da Oficina de Promoción Turística de Valonia e BruxelasMapa Interactivo da Rexión de Bruxelas-CapitaleeWorldCat332144929079854441105155190212ID28008674080552-90000 0001 0666 3698n94104302ID540940339365017018237

          Image
          AnderlechtCidade de BruxelasIxellesEtterbeekEvereGanshorenJetteKoekelbergAuderghemSchaerbeekBerchem-Sainte-AgatheSaint-GillesMolenbeek-Saint-JeanSaint-Josse-ten-NoodeWoluwe-Saint-LambertWoluwe-Saint-PierreUccleForestWatermaal-Bosvoorde Comunidade Francesa de Bélxica Comunidade Flamenga de Bélxica Comunidade Xermanófona de Bélxica Bruxelas-CapitalRexións de Bélxica francésneerlandésRexiónsBélxicacomunidade francesacomunidade flamengafrancófonaflamengaUnión EuropeaMagrebMarrocosTurquíaAméricaÁfricaRepública Democrática do CongoEuropa central18 de xuño1989FlandresRexión Valoaflamengaséculo XIXClasificación climática de Köppen Bruxelas-Capital Na Galipedia, a Wikipedia en galego. Saltar ata a navegación Saltar á procura Para outras páxinas con títulos homónimos véxase: Bruxelas . Région de Bruxelles-Capitale Brussels Hoofdstedelijk Gewest Bandeira Estado Bélxica Capital Cidade de Bruxelas  • Poboación n/d Lingua oficial As dúas Superficie  • Total 1
          Read more

          What should I write in an apology letter, since I have decided not to join a company after accepting an offer letterShould I keep looking after accepting a job offer?What should I do when I've been verbally told I would get an offer letter, but still haven't gotten one after 4 weeks?Do I accept an offer from a company that I am not likely to join?New job hasn't confirmed starting date and I want to give current employer as much notice as possibleHow should I address my manager in my resignation letter?HR delayed background verification, now jobless as resignedNo email communication after accepting a formal written offer. How should I phrase the call?What should I do if after receiving a verbal offer letter I am informed that my written job offer is put on hold due to some internal issues?Should I inform the current employer that I am about to resign within 1-2 weeks since I have signed the offer letter and waiting for visa?What company will do, if I send their offer letter to another company

          Image
          When is the original BFGS algorithm still better than the Limited-Memory version? How well known and how commonly used was Huffman coding in 1979? Inverse-quotes-quine Can the US president have someone sent to jail? Employer wants to use my work email account after I quit, is this legal under German law? Is this a GDPR waiver? Do French speakers not use the subjunctive informally? Low-gravity Bronze Age fortifications Does ultrasonic bath cleaning damage laboratory volumetric glassware calibration? Why do some games show lights shine through walls? Unusual mail headers, evidence of an attempted attack. Have I been pwned? Smooth Julia set for quadratic polynomials Require advice on power conservation for backpacking trip Dimensions of list used in test C-152 carb heat on before landing in hot weather? Is my Rep in Stack-Exchange Form? What happens when your group is victim of a surprise attack but you can't be surprised? How come I was asked by a CBP
          Read more