By Jason White
I’m having an issue trying to proxy pass to my App Platform application from another server.
I have a .NET 6 app running in a Docker container on App Platform. This is running fine. I hit my API from my REST client using the domain given to my app by App Platform.
What I’m trying to do now is add an entry to my server running Nginx to proxy requests from my domain to the application on App Platform.
server {
listen 443 ssl;
server_name ~^(?<subdomain>[\w-]+)\.mydomain\.com$ mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
location /api {
proxy_pass https://my-app-platform-app.ondigitalocean.app;
proxy_http_version 1.1;
}
}
This works fine, my api receives the request but the Host header of the request is the app platform domain (https://my-app-platform-app.ondigitalocean.app) but want my domain from my proxy server (https://mydomain.com) as the Host header. So what I did was set the Host header with proxy_set_header in my Nginx config like below.
server {
listen 443 ssl;
server_name ~^(?<subdomain>[\w-]+)\.mydomain\.com$ mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
location /api {
proxy_set_header Host $host;
proxy_pass https://my-app-platform-app.ondigitalocean.app;
proxy_http_version 1.1;
}
}
Now when I try to access my API from mydomain.com/api I get a 403 Permission Denied - Cloudfare error
Has anyone encountered this issue, or know what I’m doing wrong with this?
Thank you.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
I was unable to find a solutions to the original error with the 403 Permission Denied Cloudflare error. I posted on the Digital Ocean Community board but didn’t have any luck there either. There isn’t much details as to why Cloudflare is returning the 403 (returns a blank white page with 403 error, no details) nor could I find anything in Digital Ocean. I did find one questions on the Digital Ocean Community board with the same error but there wasn’t any solution for it either.
I figured I’d post a temporary solution that I’m using as a workaround until I can troubleshoot this further. Instead of setting the Host header I simply just added a new custom header X-Host and set it to $host. This gets passed properly to my API running in a docker container.
In my .NET 6 app I check for the X-Host header first to see if it’s set and use the Host header as a fallback if it isn’t.
My Nginx config looks like this now…
server {
listen 443 ssl;
server_name ~^(?<subdomain>[\w-]+)\.mydomain\.com$ mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
location /api {
proxy_set_header X-Host $host;
proxy_pass https://my-app-platform-app.ondigitalocean.app;
proxy_http_version 1.1;
}
}
If this is a CORS request you might have to setup a CORS policy in Digital Ocean. You can follow their guide below for setting that up.
https://docs.digitalocean.com/products/app-platform/how-to/configure-cors-policies/
I answered this on the stack overflow question. I hope this helps the next person, as it took me two days of breaking my application to get right.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.