Using Prosody with a HTTP Reverse Proxy

It's been a while since I first installed prosody on Agayon.be. I use it to experiments with my bots, to keep contact with the XMPP community and discover new cool stuffs to do. Recently I struggled a bit because I wanted to hide the prosody small HTTP server behind my Proxy. For various reasons, I still use Apache 2.4 and I could not get it to work with prosody. I mostly use the HTTP server for bosh authentication with Converse.js and with the http_upload module. When the 5281 port was accessible and Prosody handled the requests directly on the internet it worked well. But when I followed the documentation to use a proxy, it stopped working. All my PUT requests got a 404 error. I tested my setup with Slixmpp and the http_upload example.

Here is my configuration before the fix:

Prosody

Main config

[...]
https_ports = { 5281 }
https_interfaces = {  "127.0.0.1", "::1" }
trusted_proxies = { "127.0.0.1", "::1"}
[...]

VirtualHost

[...]
Component "upload.example.com" "http_upload"
       http_max_content_size = 10485760
       http_external_url = "https://upload.example.com/"
[...]

Apache VirtualHost

[...]
ProxyPass / http://localhost:5280/
ProxyPassReverse / http://localhost:5280/
[...]

Logs

Client

[...]
Client:
DEBUG    SEND: <iq id="23efd54cf4b2487386852e800f2ea411" to="upload.example.com" type="get"><request xmlns="urn:xmpp:http:upload:0" filename="robot.png" size="118037" content-type="image/png" /></iq>
DEBUG    RECV: <iq type="result" id="23efd54cf4b2487386852e800f2ea411" from="upload.example.com" to="test@example.com/test"><slot xmlns="urn:xmpp:http:upload:0"><get url="https://upload.example.com/upload/au5rOiUMomJbDI3q/robot.png" /><put url="https://upload.example.com/upload/au5rOiUMomJbDI3q/robot.png" /></slot></iq>
ERROR    Could not upload file: 404 (<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>404 Not Found</title>
example.com
[...]

Server

[...]
Mar 21 10:02:42 c2s5586c8e88960 debug   Received[c2s]: <iq id='23efd54cf4b2487386852e800f2ea411' type='get' to='upload.example.com'>
Mar 21 10:02:42 c2s5586c8e88960 debug   Given upload slot "au5rOiUMomJbDI3q/robot.png"
Mar 21 10:02:42 c2s5586c8e88960 debug   Sending[c2s]: <iq type='result' id='23efd54cf4b2487386852e800f2ea411' from='upload.example.com' to='memo@agayon.be/test'>
Mar 21 10:02:42 socket  debug   server.lua: accepted new client connection from ::1:49436 to 5280
Mar 21 10:02:42 http.server debug   Firing event: PUT /upload/au5rOiUMomJbDI3q/robot.png
Mar 21 10:02:42 http.server debug   Firing event: PUT localhost/upload/au5rOiUMomJbDI3q/robot.png

What is important to see is the second event:

PUT localhost/upload/au5rOiUMomJbDI3q/robot.png

on a working configuration it is 

PUT upload.example.com/upload/au5rOiUMomJbDI3q/robot.png

The fix

After a small discussion with Link Mauve from JabberFr, he suggested me to use setup the proxy to tell him to force its headers:

Apache

    [...]
    RequestHeader set Host "upload.example.com"
    ProxyPreserveHost On
    ProxyPass / http://localhost:5280/
    ProxyPassReverse / http://localhost:5280/
    [...]

Nginx

[...]
proxy_set_header Host "upload.example.com";
[...]

Two small lines and now it is working as expected :-).

Links

links

social