I’ve noticed a lot of new Mastodon server admins struggling to get Mastodon, either inside or outside of Docker, to properly work behind an Apache reverse proxy. A lot of them seem to be running into “ERR_TOO_MANY_REDIRECTS” or “403 Forbidden”. As the recommended configuation is behind Nginx there isn’t much documentation for getting this working with Apache.
Although I run my main private instance through Nginx, I do run an a very small public instance behind Apache. This is the relevent configuration under the VirtualHost on port 443:
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyPass /api/v1/streaming ws://localhost:4000
ProxyPassReverse /api/v1/streaming ws://localhost:4000
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
ProxyPreserveHost, ProxyPass, ProxyPassReverse all require mod_proxy, RequestHeader requires mod_headers. Failure to have these modules installed when configured in .conf
will likely prevent Apache from starting.
I would speculate that Mastodon wants to confirm its going to an https connection, hence RequestHeader - and perhaps its getting into a redirect loop due to this, with the virtual host on 80 redirecting? And possibly 403 is because Mastodon only expects a connection from something with the same hostname, and PreserveHost needs to be set. I’m not sure, but that would be my thinking.