All; I got this to work, but let me tell you... OTRS did not want to do this. Here are the list of things I ended up having to do. For the record, I'm running on CentOS 7, so some of your locations may be different. On the OTRS Server: /etc/httpd/conf.d/zzz_otrs.conf: Swap lines 5 and 6, and change the ScriptAlias from /otrs/ to / From: ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/" Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/" To: Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/" ScriptAlias / "/opt/otrs/bin/cgi-bin/" Reasons: You can't just proxy from / to /otrs/, as the Perl code builds redirects based on its knowledge of the website structure (Specifically the BaseLink variable, a copy of the CGIHandle variable, which in turn is set from the SCRIPT_NAME environment variable). So when you log in to /index.pl, it redirects to /otrs/index.pl. The lines need to be reversed, because I altered the ScriptAlias to override the DocumentRoot, and Alias and ScriptAlias declarations are processed in order. Thus, Apache tries to find static content at /opt/otrs/bin/cgi-bin/opt/otrs/var/httpd/htdocs/ and fails. With the order reversed, Apache properly applies the aliases. In System Configuration Frontend::Base::ScriptAlias needs to change from /otrs/ to /, to match with the above. On the Proxy server: Here's the relevant sections of the /etc/nginx/nginx.conf file: location /otrs-web/ { proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://<ip address>/otrs-web/; } location / { proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://<ip address>$request_uri; } I haven't run into any problems yet, but ymmv. Thank you, Dominic Hilsbos Director – Information Technology Perform Air International Inc. DHilsbos@PerformAir.com 300 S. Hamilton Pl. Gilbert, AZ 85233 Phone: (480) 610-3500 Fax: (480) 610-3501 www.PerformAir.com From: otrs [mailto:otrs-bounces@lists.otrs.org] On Behalf Of David Hess Sent: Friday, August 31, 2018 6:19 AM To: otrs@lists.otrs.org Subject: [Disarmed] Re: [otrs] Proxying OTRS Customer Portal Hi, I have been reverse proxying otrs since version 3 behind an apache proxy.  We are currently on otrs 5, but i expect similar configurations will still work on 6.  And this is for Apache, not nginx, but I am including in case it is helpful.     SSLEngine on     SSLProtocol all -SSLv2     SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES     SSLCertificateFile /etc/pki/tls/certs/companyname.crt     SSLCertificateKeyFile /etc/pki/tls/private/companyname.key     ServerName tickets.companyname.com     ProxyPreserveHost On     RedirectMatch ^/$ https://tickets.companyname.com/otrs/index.pl     ProxyPass /otrs-web/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs-web/     ProxyPassReverse /otrs-web/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs-web/     ProxyPass /otrs/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs/     ProxyPassReverse /otrs/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs/ </VirtualHost> 1.1.1.1 would be the lan IP of your otrs server, and tickets.companyname.com would be the public domain name. In my experience you run into issues if you try to completely get rid of the /otrs/ part of the path, as you need a way to differentiate between /otrs-web/ and /otrs/ but you can rename it with your proxy.  Here is a configuration we are using to serve up the public interface of OTRS (specifically the survey module)     ServerName support.companyname.com     ProxyPreserveHost On     RewriteEngine On     RewriteRule ^/survey/([A-Fa-f0-9]+)/?$ /public/?Action=PublicSurvey;PublicSurveyKey=$1 [P,L]     ProxyPass /otrs-web/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs-web/     ProxyPassReverse /otrs-web/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs-web/     ProxyPass /public/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs/public.pl     ProxyPassReverse /public/ MailScanner has detected a possible fraud attempt from "1.1.1.1" claiming to be http://1.1.1.1/otrs/public.pl     SetOutputFilter INFLATE;SUBSTITUTE;DEFLATE     Substitute "s| action=\"/otrs/public.pl\"| action=\"#\"|i"     Substitute "s| Baselink: \"/otrs/public.pl\?\"| Baselink: \"/public/?\"|i"     Substitute "s| CGIHandle: \"/otrs/public.pl\"| CGIHandle: \"/public/\"|i" </VirtualHost> This configuration replaces the /otrs/public.pl path with a new /public/ path, effectively hiding the fact that we are running OTRS. Regards, David Hess On Thu, Aug 30, 2018 at 12:26 PM wrote: All; I'm going to be setting up a new OTRS 6 instance with the customer portal facing the Internet.  For security purposes I will be reverse proxying the customer portal, over HTTPS, using nginx. The default installation of OTRS has the customer portal at <hostname>/otrs/customer.pl, since I will be reverse proxying anyway, I'd like this to appear at <hostname>/. Are there any special directives I should include in the nginx reverse proxy configuration to smooth this setup?  Has anyone done this before, and would be willing to give me some pointers? Thank you, Dominic Hilsbos Director - Information Technology Perform Air International Inc. DHilsbos@PerformAir.com 300 S. Hamilton Pl. Gilbert, AZ 85233 Phone: (480) 610-3500 Fax: (480) 610-3501 www.PerformAir.com --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs