URL being altered with browser address bar when using traefik -- Is this normal?

Hi, I'm using traefik2 and am in the process of trying some test reverse proxy configurations. I'm coming from nginx, so my limited knowledge is really from nginx.

With nginx, I usually add the following headers for my reverse proxies :

   location / {
       proxy_set_header   X-Real-IP $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Forwarded-Host $server_name;
       proxy_set_header X-Forwarded-Ssl on;
       proxy_pass https://nextcloud.xxxx.com;
   }

Testing my reverse proxy using a browser, I see that the original URL within the browser address bar seems to be preserved. So if my reverse proxy is located at test.xxxx.com and my backend server is located at nextcloud.xxxx.com, the url always shown in the browser address bar is https://test.xxxx.com/

Within traefik the URL displayed in the browser bar seems to be always rewritten, or maybe the correct term is altered. An equivalent section for traefik would be:

http:
  routers:
    test.xxxx.com:
      rule: "Host(`test.xxxx.com`)"
      entryPoints:
        - web
        - websecure
      middlewares:
        - mw_compress_headers
      # a router's service is a single name, not a list
      service: sv_proxy_pass_nextcloud.xxxx.com
      tls:
        options: modern@file
        certResolver: le
        domains:
          - main: test.xxxx.com

  middlewares:
    mw_compress_headers:
      compress: {}

  services:
    sv_proxy_pass_nextcloud.xxxx.com:
      loadBalancer:
        servers:
          - url: https://nextcloud.xxxx.com
        passHostHeader: false

So with this setup I'm seeing a rewrite of the URL within the browser address bar. What is displayed --> test.xxxx.com--->nextcloud.xxx.com/

The only way to avoid the "rewrite" is to set passHostHeader: true, but then within the backend server (nginx) you need to add test.xxx.com to the list of server names. You can change the Host header with a middleware like the following while using the service parameter passHostHeader: true:

    mw_nextcloud_host_header:
      headers:
        customRequestHeaders:
          Host: nextcloud.xxxx.com

But when doing this -- you again get the URL being displayed in the address bar as https://nextcloud.xxxx.com/ rather than the reverse proxy address https://test.xxxx.com/

In summary

  • with nginx the URL displayed is not altered when reverse proxying (using the headers above), but
  • with traefik the URL displayed is altered.

Researching the topic, some posts on Stack Exchange have suggested that the nginx headers (shown below) are responsible for the difference:

       proxy_set_header   X-Real-IP $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

I guess the purpose of this post was to confirm what I'm observing is actually "intended" or normal and it wasn't some strange way I've configured my reverse proxies.

Hello @kevdog and thanks for your interest in Traefik.

The only possible reason for seeing a different url in your browser's address bar is that a redirection happens somewhere. There's no redirection specified in your dynamic configuration so it must come from either your static configuration or your backend itself.

Could you show us your static configuration? And make sure the https://nextcloud.xxxx.com backend is not doing a redirection?

To further debug this, enable the debug mode, make a request and look at how the request gets routed.
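The check suggested in the reply above, as an added example that is not part of the original thread: send one request without following redirects and see whether the Location header names a host other than the one the browser asked for. The local backend is a constructed stand-in that builds its redirect from the Host header it receives (an assumption about the real backend); `AssumedBackend`, `probe` and `demo` are hypothetical names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

PUBLIC = "test.xxxx.com"        # name the browser asked for (from the thread)
BACKEND = "nextcloud.xxxx.com"  # name of the proxied backend (from the thread)

class AssumedBackend(BaseHTTPRequestHandler):
    """Constructed stand-in: redirects / to /login as an absolute URL built
    from whatever Host header it receives (an assumption, not Nextcloud code)."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", f"https://{self.headers['Host']}/login")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(port, upstream_host, public_host=PUBLIC):
    """Send one request without following redirects.
    Returns (status, Location, True if Location names another host)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": upstream_host})
    resp = conn.getresponse()
    resp.read()
    location = resp.getheader("Location")
    conn.close()
    target = urlsplit(location).hostname if location else None
    return resp.status, location, target not in (None, public_host)

def demo():
    server = HTTPServer(("127.0.0.1", 0), AssumedBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return {
            # Host replaced with the backend's name before forwarding
            "host_replaced": probe(port, BACKEND),
            # Original Host forwarded unchanged (passHostHeader: true)
            "host_passed": probe(port, PUBLIC),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

A True in the third field means the browser would follow the redirect to a different host, which is what shows up as a changed address bar.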

@jspdown

Hey, thanks for the reply. In terms of the redirection, both nginx and traefik are referencing the same backends and only one is "redirecting" or "rewriting" the URL -- or so it seems. Again, I'm not exactly sure what's happening.

Here is my static configuration:

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443

  metrics:
    address: :8082

  ping:
    address: :3000

certificatesResolvers:
  le:
    acme:
      email: xxx@gmail.com
      #Staging Server
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      #Production Server
      #caServer: https://acme-v02.api.letsencrypt.org/directory
      storage: /etc/letsencrypt/acme.json
      keyType: 'EC384'
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 0
        resolvers:
          - "1.1.1.1:53"
          - "9.9.9.9:53"

serversTransport:
  insecureSkipVerify: false
  rootCAs:
    - /etc/ssl/certs/ca-certificates.crt

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedbydefault: false
    watch: true
    network: docker-net
  file:
#    filename: /etc/traefik/dynamic_conf.yml
    directory: /etc/traefik
    watch: true

api:
#  insecure: true
  debug: true
  dashboard: true

log:
  level: DEBUG

metrics:
  prometheus:
    buckets: [0.1, 0.3, 1.2, 5.0]
    addEntryPointsLabels: true
    addServicesLabels: true
    entryPoint: metrics
#    manualRouting: true

ping:
  entryPoint: ping
  #manualRouting: true

I suppose posting that didn't really help