[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] Preserving in-bound address through reverse proxy


We have a reverse proxy configured to route in-bound traffic to one of two different applications.  Here's our proxy conf:

ProxyPass /foo !
ProxyPass / http://localhost:8080/

There's an instance of Tomcat running on port 8080.

I'm trying to determine if it is possible to preserve the original in-bound address on the requests routed to localhost:8080.  What I'm observing is that the servlet sees all in-bound traffic addressed to "http://localhost:8080"; rather than the real external address of my server.  For example, when a client sends a request to "https://myserver.com/api/v3/blah";, the reverse proxy routes the request to "http://localhost:8080/api/v3/blah"; and so the servlet sees the request addressed to "http://localhost:8080"; rather than "https://myserver.com";.

I read through the docs for mod_proxy and mod_env thinking that I could use those to inject the correct information, but can't quite get it working.  For example:

RequestHeader edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)(:[0-9]+)" "%{SERVER_PROTOCOL}e://%{SERVER_NAME}e:%{SERVER_PORT}e"

I'm pretty sure I'm misusing PassEnv here, but the idea was to rewrite the "Location" header as it is passing through the reverse proxy so it preserves the original request info.

I can *remove* the wrong server address with this:

RequestHeader edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)(:[0-9]+)" ""

but I can't inject (or preserve) the correct information.

I'm aware that the proxy injects X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server, but that's not enough information to fully reconstruct the original request address (including scheme and port number).

I also tried using:

ProxyPreserveHost On

Which mostly seems to work, but loses the correct scheme - when my client requests "https://...";, the reverse proxy sends that to "http://...";.

Is there any way to preserve the original requested address as it passes through the proxy?



To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx