How to setup "double reverse proxy" involving traefik, nginx and Django (GUnicorn)?

Question

This is currently my setup:

    publicly available                 private network
__________________________      ______________________________
| Traefik reverse proxy  | <--> | nginx <--> Django/GUnicorn |
__________________________      ______________________________

The Traefik proxy forwards a publicly available URL like https://some.example.com/foo/bar/ to http://<ip-of-nginx>:80/ (i.e. it strips the components foo and bar and downgrades from https to http). nginx serves static files and also acts internally as another reverse proxy, forwarding back and forth to the Django web application.

When a client requests https://some.example.com/foo/bar/baz, he is delivered the site at http://<ip-of-nginx>:80/baz, which is the site rendered by Django for the route /baz (as expected). However, all links on that site point to https://some.example.com/…, without the foo/bar/ part. Such links are not covered by Traefik and therefore broken. Additionally, static content like images also are not displayed.

To summarize: Forwarding works partially (some parts of the website are delivered), however links and static content are broken.

How do I setup this properly? In more detail:

• Is stripping foo/bar/ in general a good idea, or should I instead also use it in Django?
• If stripping is a good idea, where to perform it? Already at Traefik, or only at nginx?
• Is nginx's config the right place to address the broken link issue, or is Django/GUnicorn the right spot?

Answer 1

Based on this answer, I've set up a workaround which includes the following steps:

1. Make both reverse proxies, i.e. Traefik and nginx, pass through the foo/bar/ URI (do not strip).
2. Prefix the path to every app within the urlpatterns list in Django's root urls.py file with foo/bar/.
3. Make sure that hyperlinks in the rendered HTML pages are generated properly using {% url … %}, which will then automatically prepend the foo/bar/ URI, without changing the remaining code base.

However, this way I loose the shortcut of being able to address http://<ip-of-nginx>:80/baz directly, without the foo/bar/ URI. If someone has a better solution to this problem, I'll happily accept that answer.