Redirect to localhost / Relative Location Header

What’s actually happening

A login or POST succeeds, then the browser tries to load http://localhost:8080/dashboard or http://127.0.0.1/... and dies with connection refused. From outside it's broken; on the server itself it appears to work because localhost resolves there. The Location response header in DevTools shows the internal host or port leaking out.

Common causes

• App constructs absolute redirect URLs from the Host it received, but the proxy forwarded Host: localhost:8080 instead of the public name.
• Apache ServerName unset (or UseCanonicalName On with a wrong ServerName), so mod_dir/mod_rewrite redirects use the internal name.
• Nginx proxy_pass without 'proxy_set_header Host $host', so the upstream sees the backend's own address.
• Framework ignores X-Forwarded-Host / Forwarded and trusts the literal Host header (e.g. Flask without ProxyFix, Express without 'trust proxy').
• Hard-coded base URL or APP_URL still pointing at a dev value like http://localhost:3000.

How to fix it

1. Capture the bad Locationcurl -I https://example.com/path-that-redirects and read the Location line. If it says localhost or an internal :8080, the origin is generating URLs from the wrong host.
2. Forward the real Host through the proxyNginx: proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme. Apache mod_proxy preserves Host with ProxyPreserveHost On.
3. Make the app trust forwarded host headersEnable the proxy adapter: Express app.set('trust proxy', true), Flask ProxyFix(app.wsgi_app, x_host=1, x_proto=1), Django USE_X_FORWARDED_HOST=True with ALLOWED_HOSTS set to the public domain.
4. Set the canonical site URLPin the public base in config (Apache ServerName example.com, WordPress siteurl/home, APP_URL=https://example.com) and prefer relative Location values (Location: /dashboard) where the framework allows it.