Login

I’ve been trying to set up a reverse proxy for my home server to handle a couple of web apps, but I keep running into weird SSL certificate errors after the initial handshake. The proxy passes traffic, but then certain assets fail to load because the backend seems to be receiving the wrong host header. I’m using Nginx and thought my configuration file was correct for this basic pass-through scenario.

I've run into this when TLS ended at the proxy. The initial handshake was fine, but the backend started emitting assets with links to the proxy host because the app uses the Host header to generate URLs. If nginx sends a different host to the backend or if the upstream TLS name doesn't match, you can get those certificate warnings and the assets load as 404s. In my setup, aligning the upstream TLS hostname (SNI) with the backend and keeping the original host visible to the app helped a bit, but it took some digging.

Where I finally landed was making sure the backend sees the original host. I avoided forcing a different host name at the proxy and left headers like X-Forwarded-Proto intact so redirects and cookies didn't break. It wasn't a magic fix, but the app started retrieving assets from the right place after that.

I also flirted with the idea that a cached redirect or an absolute URL baked into the front end could be misled by the proxy. I drifted through a few header tweaks and checked what the client actually asked for, but the symptoms kept rotating as I changed one thing at a time.

Could the real problem be something else entirely, like the app's base URL being hard coded or the upstream cert chain, rather than the host header?

Login
Username:
Password:	Lost Password?
	Remember me