1

My company uses a webapp that's reachable on http://10.10.10.20/WebAPP running on IIS on Windows Server 2019.

Now, said WebAPP needs to be accessible via the internet, and thus SSL is needed - no problem I thought, I'll use NGINX as reverse proxy, as we do for many other sites, and call it a day.

But I then found out that WebAPP does not like very much when the requested URI is anything other than it's IP or Windows NetBIOS name.

So when trying to go to https://app.company.se/WebAPP I get a 500 Internal HTTP error, and looking through the logs for WebAPP sees that the request is coming from app.company.se/WebAPP which it does not like.

My NGINX configuration is as follows:

server { server_name webapp.company.com; location / { proxy_pass http://10.10.10.20; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; } }

I have also tried adding: proxy_set_header X-Forwarded-Host "http://10.10.10.20/" to trick the webapp, but no dice.

So I think I just have to configure NGINX to simply not inform the WebAPP that there's someone else behind the NGINX Reverse Proxy asking for data, and as far as the WebAPP goes - the reverse proxy is the only one accessing the WebAPP.

Is this possible?

Improve this question

1 Answer 1

Reset to default
0

The directive proxy_set_header Host $http_host; explicitly instructs nginx to use the use webapp.company.com as the HTTP Host: header when it is making requests to 10.10.10.20.

Simply omit that directive, or explicitly set it to the default value of proxy_set_header Host $proxy_host; and nginx will use Host: 10.10.10.20

Improve this answer
4
  • When I do that, I run into an infinite username / password loop from the WebAPP that normally only happens once. And the webtrace stills shows the proxy URL: Internal Web API - Unauthorized request: Referrer = webapp.company.com/WebAPP; Requested URI root = 10.10.10.20/WebAPP Strange. Any ideas what might cause that? Commented Apr 15, 2021 at 6:59
  • @EmilG Looks like you also need to alter the Referer HTTP header. Check this one. Commented Apr 17, 2021 at 0:19
  • @IvanShatsky That did not seem to do anything else. I'm also not 100% what you mean, should I set refer to the reverse proxies IP-address? It also sends me into a credential loop where as normally it asks once. Commented Apr 19, 2021 at 9:18
  • @EmilG Exactly, try proxy_set_header Referer 10.x.x.x; where 10.x.x.x is a proxy internal IP address (from 10.0.0.0/8 subnet). There can be a more complex case where you would need to substitute 10.x.x.x instead of webapp.company.com leaving all the other string parts unchanged, but first give more simple 10.x.x.x a try. Commented Apr 19, 2021 at 9:30

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.