Hi Jonathan
Thanks for helping! It's a critical blocker.
I understand the HTTP spec there. To make it short, how do I enforce that client to POST (an eventually PUT, DELETE, GET, ) correctly?
I mean this is not a custom situation. Pretty sure many production servers are running in a similar config (user hits a public ip on 443 and then redirects to an internal server).
If you are interested, without the first layer (the public proxy), and use the same configuration directly inside the internal server, and running the communication directly to that server will be fine. In other words, make that server public will be fine even with rewrite rule.