See: #615

Are you sure this isn't going to break redirects in the normal non-proxy case?

Good point! It does seem to break redirects in non-proxy cases. I tried playing around with the following tonight and it doesn't seem to work as expected:

                if ($config{'cookiepath'} != undef) {
                        &write_data("Location: $prot://$host$config{'cookiepath'}$in{'page'}\r\n");
                        }
                else {
                        &write_data("Location: $prot://$hostport$in{'page'}\r\n");
                        }

That configuration will work for normal non-proxy, but seems to fail when proxied, am I missing something?

I really don't think this is the correct fix for everyone.

How is your proxy configured exactly?

@jcameron It probably isn't the correct fix for everyone, but an fix for people who are having issues with reverse proxies. Did you read through #615 ? My reverse proxy is though Apache 2, setup as the following:

        ServerName *******.me
	ServerAdmin hostmaster@********.me

	ErrorLog ${APACHE_LOG_DIR}/**********-error.log
	CustomLog ${APACHE_LOG_DIR}/***********-access.log combined
	RewriteEngine on

	ProxyPreserveHost On
	SSLProxyEngine On
	SSLProxyVerify none
	SSLProxyCheckPeerCN off
	SSLProxyCheckPeerName off
	SSLProxyCheckPeerExpire off
             
	RewriteRule ^/webmin$ /webmin/ [R]
	RewriteRule ^/docker$ /docker/ [R]
    
	ProxyPass /webmin https://localhost:10000
	ProxyPass /docker/ http://localhost:9000/
	ProxyPassReverse /webmin https://localhost:10000
	ProxyPassReverse /docker/ http://localhost:9000/
	ProxyPassReverseCookieDomain /webmin https://localhost:10000
	ProxyPassReverseCookiePath /webmin https://localhost:10000
	ProxyPassReverseCookieDomain /docker/ http://localhost:9000
	ProxyPassReverseCookiePath /docker/ http://localhost:9000
    
    #Enable Phpmyadmin only in this VHost
    Include /etc/phpmyadmin/apache.conf

	SSLCertificateFile /etc/letsencrypt/live/********.me/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/**********.me/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf

I have redacted some information with asterisks (*), I encourage you to read through the issue I linked. It doesn't seem to be just me who's having this issue.

If there's another way to fix this, then I'd like to hear your thoughts. The change I PR was the only way to prevent the issue from happening on my end.

May be related?

Trying to set to Off option ProxyPreserveHost solves an issue?

webmin/authentic-theme#807 (comment)

Can definitely say it is related! With the original unmodified miniserv.pl, having ProxyPreserveHost off solves all the issues I have been having. Having it enabled breaks the login.

Should probably add that to the documentation. Secondly, why would enabling it break Webmin logins? Some of my back end apps, such as Mattermost, require it to be enabled on my Apache reverse proxy.

This makes it slightly more inconvenient now that I need seperate configs in Apache only for Webmin to have the ProxyPreserveHost directive disabled.