How to configure Apache as a reverse proxy when terminating ssl at a load balancer?

Matthew Wang
2021-08-22 06:28


There may be cases where you are terminating SSL at the load balancer (so all requests hitting the reverse proxy are http). If so, the reverse proxy configuration would be different than the default configuration Artifactory generates. 


Below is an example of an apache configuration (nginx should be similar), with the important parts involving the necessary request headers bolded and underlined:


    ProxyPreserveHost On
    ServerAlias *
    ErrorLog /var/log/httpd/error-80.log
    LogLevel warn
    CustomLog /var/log/httpd/access-80.log combined
    AllowEncodedSlashes On
    RewriteEngine on
    RewriteCond %{SERVER_PORT} (.*)
    RewriteRule (.*) – [E=my_server_port:%1]
    ##  NOTE: The 'REQUEST_SCHEME' Header is supported only from apache version 2.4 and above
    RewriteCond %{REQUEST_SCHEME} (.*)
    RewriteRule (.*) – [E=my_scheme:%1]
    RewriteCond %{HTTP_HOST} (.*)
    RewriteRule (.*) – [E=my_custom_host:%1]

    RewriteCond "%{REQUEST_URI}" "^/(v1|v2)/"
    RewriteCond "%{HTTP_HOST}" "^(.*).test.artifactory$"
    RewriteRule "^/(v1|v2)/(.*)$" "/artifactory/api/docker/%1/$1/$2" [PT]

    RewriteRule ^/$               https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory(/)?$     https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory/webapp$  https://artifactory.test.artifactory/artifactory/webapp/ [R,L]

    RequestHeader set Host %{my_custom_host}e
    RequestHeader set X-Forwarded-Port 443 
    ## NOTE: {my_scheme} requires a module which is supported only from apache version 2.4 and above
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Artifactory-Override-Base-Url https://artifactory.test.artifactory/artifactory

    ProxyPassReverseCookiePath /artifactory /artifactory
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass /artifactory/
    ProxyPassReverse /artifactory/


For the above, you can also choose to take out the below RewriteRules, and let Artifactory handle the redirects:

    RewriteRule ^/$               https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory(/)?$     https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory/webapp$  https://artifactory.test.artifactory/artifactory/webapp/ [R,L]