Reverse proxy CouchDB web frontend (Futon) without exposing CouchDB API

Question

Is it possible to just reverse proxy Futon, without exposing the CouchDB root and RESTful API? I have the following nginx config:

server {
  # This should never be hit, as the port isn't open,
  # but it's here for completeness sake
  listen 80;
  return 301 https://$host$request_uri;
}

server {
  listen 443;
  server_name my_futon_host;

  ssl_certificate /path/to/my/certificate.pem;
  ssl_certificate_key /path/to/my/private.key;

  ssl on;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  location / {
    proxy_set_header    Host $host;
    proxy_set_header    X-Real-IP $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto $scheme;

    # Just reverse proxy Futon, presuming that works...
    proxy_pass          http://localhost:5984/_utils/;
    proxy_read_timeout  90;

    proxy_redirect      http://localhost:5984/_utils/ https://my_futon_host/;
  }
}

Futon appears to load with this configuration, but I can't do anything. It just complains that it can't access the appropriate CouchDB API endpoints. This makes sense, as they are not reverse proxied and presumably Futon attempts to call them directly. Is there any way around this?

Answer 1

Writing the location block in the following way works for me. The crucial line is adding rewrite directive for the path.

location / { rewrite ^/(.*) /_utils/$1 break; proxy_pass http://localhost:5984; proxy_set_header Host $host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; }