Apache Reverse Proxy in front of RD Web Access IIS

Question

I have just configured a Microsoft Remote Desktop Services service on an internal Windows Server 2012 R2 server. I have access to RDP through outside the network with port forwarding. However, because I have additional web servers running on port 80/443, I can't expose RD Web Access running on IIS to directly to the internet.

I have a reverse proxy configuration with Apache for all my internal sites, so I'm trying to use the same for RD Web Access. My configuration (for both HTTP & HTTPS) is as follows

<VirtualHost *:80>
    ServerName foo.example.com

    ProxyPass / http://192.168.1.xxx/
    ProxyPassReverse / http://192.168.1.xxx/
</VirtualHost>

This configuration seems to work but has an issue. When connecting directly to foo.example.com, I get the default IIS page, as expected. However, when accessing http://foo.example.com/RDWeb/, the URL gets changed to http://192.168.1.xxx/RDWeb, which I obviously can't access from outside of my network. I need it to stay as http://foo.example.com/RDWeb/.

I have tried adding ProxyPreserveHost On to my apache configuration, when I do that, I get an infinite redirect loop, so that doesn't work either. I'm pretty sure that this is NOT an IIS issue, because if I set my local host file to point foo.example.com to 192.168.1.xxx, it works without issue.

Is there something I'm missing in my Apache Reverse Proxy configurations?

Answer 1

Well, after an epiphany, I found the cause of my issues.

Turns out, I was indeed supposed to keep ProxyPreserveHost On to allow URL rewriting to the correct external URL. However, because my external URL had an SSL certificate, I was getting an infinite redirect loop which went like this

External URL (https) -> Internal (http) -> Internal (https) -> External (https)

I fixed this my turning my ProxyPass and ProxyPassReverse directives to proxy the HTTPS instead of HTTP internal IP. Because of this, I also had to add the SSLProxyEngine On directive.