Fess behind reverse proxy

(from github.com/mprzytulski)
It is possible to setup fess behind a reverse proxy so it can be virtually placed under a subdirectory of the main domain, like: http://example.com/search ?
I’m able to setup it under / path but if I configure reverse proxy to use /search I’ll get redirects from /search/admin/ to /admin/dashboard

(from github.com/marevol)
It depends on a reverse proxy setting.
Fess works with a reverse proxy.
ProxyPassReverse directive is needed if using apache.

(from github.com/micakovic)
For Fess behind HAProxy, whereby both Tomcat (Fess) and HAProxy sit on the same host,
you could try this.

Edit the HAProxy config file which usually sits here /etc/haproxy/haproxy.conf like so,
preserving other settings that come out of the box with it:

defaults
    mode                http
    log                 global
    option              httplog
    option              dontlognull
    option              http-server-close
    option              forwardfor except 127.0.0.0/8
    option              redispatch

frontend fess
    bind                *:80
    bind                *:443 ssl crt /etc/ssl/certs/haproxy/your_combined_certificate.pem
    redirect            scheme https code 301 if !{ ssl_fc }
    mode                http
    timeout             http-request 5s # Slowloris protection
    rspirep             ^(set-cookie:.*) \1;\ Secure
    # HSTS (15768000 seconds = 6 months)
    http-response       set-header Strict-Transport-Security max-age=15768000;\ preload;
    default_backend     fess

backend fess
    mode                http
    option              forwardfor
    http-request        set-header X-Forwarded-Port %[dst_port]
    http-request        add-header X-Forwarded-Proto https if { ssl_fc }
    option              httpchk HEAD / HTTP/1.1\r\nHost:localhost
    # CORS clients
    acl                 cors_allowed src 10.10.10.10 # IP address of your web application server
    rspadd              Access-Control-Allow-Origin:\ * if cors_allowed
    balance             roundrobin
    server              static 127.0.0.1:8080 check

If Tomcat (Fess) sits on another machine, replace the server ip address in the backend
configuration with that IP. For example:

backend fess
 ...
 server              static 10.10.10.20:8080 check 

This server must permit tcp/80 from your HAProxy IP address. Tomcat must be started to
listen on 10.10.10.20 in this case. Its default behaviour is to listen on 127.0.0.1 if
I am not mistaken.

The CORS clients directive allows you to query Fess programatically from a particular
IP address if you utilise JSON calls and JS APIs.

If Tomcat (Fess) and HAProxy sit on the same machine, permit only tcp/80 and tcp/443
to that machine.

If Tomcat (Fess) sits on another machine in LAN, a different one from the one where
HAProxy sits, on the one where you have Tomcat (Fess) permit tcp/8080 only from the
HAProxy machine.

(from github.com/micakovic)
For Tomcat (Fess) sitting behind nginx, try these.

10.10.10.20 is the IP address of the machine where Tomcat (Fess) runs. Allow your reverse proxy IP address to this machine on tcp/8080, and make sure that Tomcat starts on IP 10.10.10.20, then to serve a subdirectory do:

location ~ ^/fess/(.*)$ {
    rewrite    ^/fess/(.*)$ /$1 break;
    proxy_pass http://10.10.10.20:8080/$1$is_args$args;
}

In this example, requests would go to https://exapmle.com/fess/json?q=

nginx should accept tcp/80, tcp/443, and do 301 redirects from http to https.

(from github.com/marevol)

 proxy_pass https://10.10.10.20/$1$is_args$args;

Are the protocol and port correct?

(from github.com/micakovic)
Amended the port and protocol for nginx config.

(from github.com/biligee)
mprzytulski did you find a solution? I also need a simple one.