Reverse Proxy Errors — SSL Termination, Header Forwarding, and Backend Connection Issues

Overview

Fix Linux reverse proxy errors including SSL termination failures, missing X-Forwarded headers, WebSocket proxying issues, and backend routing problems.

Key Details

• Reverse proxies handle SSL termination, load balancing, and routing to backend applications
• X-Forwarded-For, X-Forwarded-Proto, and X-Real-IP headers must be set for backends to see client info
• WebSocket connections require special proxy configuration for HTTP upgrade handling
• SSL termination at the proxy means the backend receives HTTP, which can confuse URL generation
• Health checks must distinguish between proxy layer and backend application failures

Common Causes

• Missing X-Forwarded-For/Proto headers causing backend to see proxy IP instead of client IP
• WebSocket upgrade not configured — proxy dropping the connection on WS handshake
• SSL certificate on proxy not matching the requested domain
• Backend receiving HTTP but generating HTTPS URLs, causing redirect loops

Steps

1. 1Set forwarding headers in Nginx: 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;'
2. 2For WebSocket: add 'proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";'
3. 3Configure backend to trust proxy headers (Express: trust proxy, Django: SECURE_PROXY_SSL_HEADER)
4. 4Use 'proxy_set_header Host $host;' to preserve the original hostname for the backend
5. 5Test SSL certificate: 'openssl s_client -connect yourdomain.com:443 -servername yourdomain.com'

Tags

Related Items

More in Web Server

Frequently Asked Questions