Preserving in-bound address through reverse proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
We have a reverse proxy configured to route in-bound traffic to one of two different applications.  Here's our proxy conf: 

ProxyPass /foo !
ProxyPass / http://localhost:8080/

There's an instance of Tomcat running on port 8080.
I'm trying to determine if it is possible to preserve the original in-bound address on the requests routed to localhost:8080.  What I'm observing is that the servlet sees all in-bound traffic addressed to "http://localhost:8080"; rather than the real external address of my server.  For example, when a client sends a request to "https://myserver.com/api/v3/blah";, the reverse proxy routes the request to "http://localhost:8080/api/v3/blah"; and so the servlet sees the request addressed to "http://localhost:8080"; rather than "https://myserver.com";.
I read through the docs for mod_proxy and mod_env thinking that I could use those to inject the correct information, but can't quite get it working.  For example: 

PassEnv SERVER_PROTOCOL SERVER_NAME SERVER_PORT
RequestHeader edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)(:[0-9]+)" "%{SERVER_PROTOCOL}e://%{SERVER_NAME}e:%{SERVER_PORT}e"
I'm pretty sure I'm misusing PassEnv here, but the idea was to rewrite the "Location" header as it is passing through the reverse proxy so it preserves the original request info. 

I can *remove* the wrong server address with this:

RequestHeader edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)(:[0-9]+)" ""

but I can't inject (or preserve) the correct information.
I'm aware that the proxy injects X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server, but that's not enough information to fully reconstruct the original request address (including scheme and port number). 

I also tried using:

ProxyPreserveHost On
Which mostly seems to work, but loses the correct scheme - when my client requests "https://...";, the reverse proxy sends that to "http://...";.
Is there any way to preserve the original requested address as it passes through the proxy? 

Thanks,

--Ryan

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux