Running FusionAuth behind Apache Traffic Server (Reverse Proxy)

pdormehl · 1 Jun 2023, 16:43

Hi, we are having issues getting FusionAuth to activate behind our reverse proxy which is Apache Traffic Server.
Pages load, but when we try and use fusionAuth, we get the following error.
Web Server Error
Description: The host requested did not return the document correctly.
We dont get any errors on the home page.

vinicius.campitelli · 6 Dec 2023, 18:33

Hi there!

I don't have any experience with Apache Traffic Server to be honest but are you running your FusionAuth instance with HTTPS? If so, does Apache Traffic Server trust the FusionAuth certificate?

I did manage to make it work locally by configuring the reverse proxy like shown on their docs and adding this mapping to the remap.config file:

map http://fusionauth.local:8080/ http://fusionauth-fusionauth-1:9011/

This will make it proxy requests to http://fusionauth-fusionauth-1:9011/ when it receives a request with Host: fusionauth.local:8080. Then, I added fusionauth.local to my /etc/hosts to point to Traffic Server.

This was enough to reach the FusionAuth instance, but I still needed to configure some HTTP headers to make it function correctly. Using Traffic Server's header rewrite plugin, I changed the config above to:

map http://fusionauth.local:8080/ http://fusionauth-fusionauth-1:9011/ @plugin=header_rewrite.so @pparam=fusionauth.conf

And created a fusionauth.conf file with the needed headers:

set-header X-Forwarded-Host %{CLIENT-URL:HOST}
set-header X-Forwarded-Port %{CLIENT-URL:PORT}

Please let me know if that works.