In Node.js, finding the original client URL when app is behind a reverse proxy

Question

I'm working on a Node.js/Express application that, when deployed, sits behind a reverse proxy.

For example: http://myserver:3000/ is where the application actually sits, but users access it at https://proxy.mycompany.com/myapp .

I can get the original user agent request's host from a header passed through easily enough (if the reverse proxy is configured properly), but how do I get that extra bit of path and protocol information from the original URL accessed by the browser?

When my application has to generate redirects, it needs to know that the end user's browser expects the request to go to not only to proxy.mycompany.com over https , but also under a sub-path of myapp .

So far all I can get access to is proxy.mycompany.com , which isn't enough to create a valid redirect.

For dev purposes I'm using a reverse proxy setup in nginx, but my company is using Microsoft's ISA as well as HAProxy.

Answer 1

Generally this is done with x-forwarded-* headers which are inserted by the reverse proxy itself. For example:

x-forwarded-host: foo.com
x-forwarded-proto: https

Take a look here:

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/x-forwarded-headers.html

Probably you can configure nginx to insert whatever x- header you want, but the convention (standard?) seems to be the above.

If you're reverse proxying into a sub-path such as /myapp , that definitely complicates matters. Presumably that sub-path should be a configuration option available to both nginx and your app.