10

Case:

User requests https://api.abc.com

This is reverse proxied (Apache 2.2) to an internal server server at http://internal.abc.com:123

As per Retain original request URL on mod_proxy redirect , by adding:

ProxyPreserveHost On

to httpd.conf, internal.abc.com currently recognizes the original request url as:

http://api.abc.com:123

Is there any way for me to recover the original URL of https://api.abc.com ? That is, to also retain the original protocol (http) and port (80, or empty is also fine)

Community
  • 1
  • 1
ChaimKut
  • 2,759
  • 3
  • 38
  • 64

3 Answers3

4

You need this parameter RequestHeader set X-Forwarded-Proto "https", without this, the returned location will be http://api.abc.com.

ProxyRequests Off
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"

ProxyPass / http://internal.abc.com:123
ProxyPassReverse / http://internal.abc.com:123

With this configuration, both queries (from lan and wan) will work fine:

https://api.abc.com
http://internal.abc.com:123
Stéphane Millien
  • 3,238
  • 22
  • 36
2

The way that I have got around this is by adding a header in my virtual host file. RequestHeader set original-protocol-ssl true early

You will then need to check for this header in your code to determine where it came from.

gbradley
  • 21
  • 5
1
ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://internal.abc.com:123
ProxyPassReverse / http://internal.abc.com:123

This code from my testing in my own envoirment, should take internal.abc.com:123 and cloak it to whatever url your adding the code to in the < virtualhost > brackets.

If its api.abc.com it should proxy the info from internal.abc.com:123 to api.abc.com without the port number behind it. The ProxyPassReverse does this for you.

alexj
  • 62
  • 1
  • 1
  • 7
  • The question isn't about how to proxy. Let's assume that proxying works (with a solution similar to the one you suggest). The question is how can the machine behind the reverse proxy (hostname 'internal') know the port and protocol used by the original user request. – ChaimKut Feb 08 '14 at 17:13
  • All of the data is normally forwarded over, example I use this for wordpress admin projects. It will pass the login and cookie info over all for me. Most people I see using this seem to be using it for tomcat on a different port but using proxypass to cloak it internally. – alexj Feb 10 '14 at 13:38
  • 1
    Yes, it is true that login and cookie are passed along. My problem is that I don't see the original request's protocol (https, let's say) and port being passed as well. – ChaimKut Feb 11 '14 at 11:48