What's new

Reverse proxying router config

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

kayson

Occasional Visitor
I'm trying to use apache2 to reverse proxy a connection to my router config from the outside world, but I'm having some trouble getting it to work.

If I access my reverse proxy url: https://router.domain.com, the login page comes up just fine. However, if I put in the correct user/pass, it just reloads the login page.

Interestingly, if I access the router config locally, via 192.168.1.1, and put in the wrong password, it gives me the following response:
HTML:
<HTML><HEAD>
<script>parent.location.href='/Main_Login.asp';</script>
</HEAD></HTML>

However, if I do the same thing via my reverse proxy, I get:
HTML:
<HTML><HEAD><script>top.location.href='/Main_Login.asp';</script>
</HEAD></HTML>

I have no idea why the response is different. The requests are being sent the same, though I can't say exactly how the reverse proxy modifies it. I see no errors in my apache2 logs, and nothing in the router logs to speak of.

Anyone have any ideas how to debug this?
 
What I did that worked was add this after the proxy_pass line on the proxy site config:

This is on nginx by the way. Will need "translation" if on apache.

Code:
proxy_set_header  Host $host;
proxy_set_header  X-Real-IP $remote_addr;
proxy_set_header  X-Forwarded-Proto https;
proxy_set_header  X-Forwarded-For $remote_addr;
proxy_set_header  X-Forwarded-Host $remote_addr;

Complete subdomain reverse proxy file for reference:
  • note that I use http auth as another layer on top of the login page when accessing from outside
  • also note that this is using one of linuxserver.io containers for letsencrypt/nginx reverse proxy

Code:
# make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,
# replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

server {
    listen 443 ssl;

    server_name asus.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    proxy_redirect off;
    proxy_buffering off;
 
    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;


    location / {
        # enable the next two lines for http auth
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 192.168.1.1 valid=30s;
        set $upstream_asus asus;

        proxy_pass https://192.168.1.1:8443;
    
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  X-Forwarded-Host $remote_addr;
    
    
    }
}
 
Last edited:
What I did that worked was add this after the proxy_pass line on the proxy site config:

Code:
proxy_set_header  Host $host;
proxy_set_header  X-Real-IP $remote_addr;
proxy_set_header  X-Forwarded-Proto https;
proxy_set_header  X-Forwarded-For $remote_addr;
proxy_set_header  X-Forwarded-Host $remote_addr;

Complete subdomain reverse proxy file for reference:
  • note that I use http auth as another layer on top of the login page when accessing from outside
  • also note that this is using one of linuxserver.io containers for letsencrypt/nginx reverse proxy

Code:
# make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,
# replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

server {
    listen 443 ssl;

    server_name asus.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    proxy_redirect off;
    proxy_buffering off;
 
    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;


    location / {
        # enable the next two lines for http auth
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 192.168.1.1 valid=30s;
        set $upstream_asus asus;

        proxy_pass https://192.168.1.1:8443;
    
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  X-Forwarded-Host $remote_addr;
    
    
    }
}

Would you be willing to share the rest of your config? I've been struggling a little with mine but it appears you have the same setup as I do.

Thanks I appreciate your help too!
 
Would you be willing to share the rest of your config? I've been struggling a little with mine but it appears you have the same setup as I do.

Thanks I appreciate your help too!


Right now it is:

Code:
# make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,

# replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex

# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")


server {

    listen 443 ssl;


    server_name asus.*;


    include /config/nginx/ssl.conf;


    client_max_body_size 0;

    proxy_redirect off;

    proxy_buffering off;

   

    # enable for ldap auth, fill in ldap details in ldap.conf 

    #include /config/nginx/ldap.conf;



    location / {

        # enable the next two lines for http auth

        auth_basic "Restricted";

        auth_basic_user_file /config/nginx/.htpasswd;


        # enable the next two lines for ldap auth

        #auth_request /auth;

        #error_page 401 =200 /login;


        include /config/nginx/proxy.conf;

        resolver 192.168.1.1 valid=30s;

        set $upstream_asus asus;

        #proxy_pass http://$upstream_plex:32400;

        proxy_pass https://192.168.1.1:8443;

       

        proxy_set_header  Host $host;

        proxy_set_header  X-Real-IP $remote_addr;

        proxy_set_header  X-Forwarded-Proto https;

        proxy_set_header  X-Forwarded-For $remote_addr;

        proxy_set_header  X-Forwarded-Host $remote_addr;

       

        #proxy_set_header Upgrade $http_upgrade;

        #proxy_set_header Connection "upgrade";


        #proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;

        #proxy_set_header X-Plex-Device $http_x_plex_device;

        #proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;

        #proxy_set_header X-Plex-Platform $http_x_plex_platform;

        #proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;

        #proxy_set_header X-Plex-Product $http_x_plex_product;

        #proxy_set_header X-Plex-Token $http_x_plex_token;

        #proxy_set_header X-Plex-Version $http_x_plex_version;

        #proxy_set_header X-Plex-Nocache $http_x_plex_nocache;

        #proxy_set_header X-Plex-Provides $http_x_plex_provides;

        #proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;

        #proxy_set_header X-Plex-Model $http_x_plex_model;

    }

}
 
Last edited:
What I did that worked was add this after the proxy_pass line on the proxy site config:

This is on nginx by the way. Will need "translation" if on apache.

Code:
proxy_set_header  Host $host;
proxy_set_header  X-Real-IP $remote_addr;
proxy_set_header  X-Forwarded-Proto https;
proxy_set_header  X-Forwarded-For $remote_addr;
proxy_set_header  X-Forwarded-Host $remote_addr;

Complete subdomain reverse proxy file for reference:
  • note that I use http auth as another layer on top of the login page when accessing from outside
  • also note that this is using one of linuxserver.io containers for letsencrypt/nginx reverse proxy

Code:
# make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,
# replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

server {
    listen 443 ssl;

    server_name asus.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    proxy_redirect off;
    proxy_buffering off;
 
    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;


    location / {
        # enable the next two lines for http auth
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 192.168.1.1 valid=30s;
        set $upstream_asus asus;

        proxy_pass https://192.168.1.1:8443;
   
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  X-Forwarded-Host $remote_addr;
   
   
    }
}
Thank you! This worked for me. Apache automatically sets those headers (except X-Forwarded-Proto, which I manually added). I think my issue was needing to set ProxyPreserveHost. New config below:

Code:
<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerName router.domain.com
                Include /etc/apache2/ssl.conf

                <IfModule mod_proxy_http.c>
                        RequestHeader set X-Forwarded-Proto "https"
                        ProxyPreserveHost On
                        SSLProxyEngine On
                        SSLProxyCheckPeerName off
                        ProxyPass "/" "https://192.168.1.1/"
                        ProxyPassReverse "/" "https://192.168.1.1/"
                        ProxyPassReverseCookieDomain "192.168.1.1" "router.domain.com"
                </IfModule>
        </VirtualHost>
</IfModule>
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top