Reverse Proxying

This page explains some tips for using a reverse proxy server in front of RSAS.

RSAS can be used behind a reverse proxy server. Some common reasons for doing this are:

  • Using a single reverse proxy server to terminate TLS for multiple backend applications
  • Modifying HTTP headers using a reverse proxy (even though you can customize HTTP headers with RSAS)
  • Filtering traffic
Heads up: RSAS is extremely performant. Placing a reverse proxy server in front of RSAS will at least double your CPU usage and introduce new bottlenecks, so we do not recommend reverse proxying RSAS with high numbers of listeners unless you have the hardware to power it and the expertise to troubleshoot any new bottlenecks this introduces.

Supported Headers

RSAS supports the following HTTP headers commonly used by reverse proxies:

  • X-Forwarded-Proto - RSAS will use this to determine whether to use HTTP or HTTPS in URLs it generates
  • X-Forwarded-For - expected to be the original client IP making the request. RSAS will log this in the access.log as the client IP, rather than the reverse proxy's IP.

HLS and Base URL Customization

When running a reverse proxy to front multiple applications, it is common to have a different base URL path for application, such as /grafana, /rsas, etc. In order for RSAS to correctly generate M3U8 playlists required for HLS, it must be made aware that it should use this new base URL in any URLs that it references in its playlists.

To solve this, set the <base-url> in your configuration to the full public base URL through which RSAS can be accessed:

<icecast>
    <base-url>https://my-public-reverse-proxy:8011/rsas</base-url>
    <hls>
        <enabled>1</enabled>
        ...
    </hls>
    ...
</icecast>

Note that the <base-url> overrides the <hostname> setting.

Example Reverse Proxy Configurations

Below are some snippets of configurations demonstrating site configurations for nginx and haproxy. (Note that these are not complete configurations - they are just demonstrating the reverse proxying part.)

location /rsas/ {
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_pass http://127.0.0.1:8000;  //IP of your RSAS server on your LAN
}
frontend apps.example.com *:80
  acl has_rsas_prefix path_beg -i /rsas
  use_backend rsas if has_rsas_prefix
  default_backend default

backend rsas
    server rsas 127.0.0.1:8000