Rstudio apache reverse proxy different host and subdirectory

RStudio IDE
1

I have rstudio-server running on a internal debian host (let's call it rserver.internal.com) on port 8787.

I can reverse-proxy that to http://rserver.internal.com/rstudio and/or https://rserver.internal.com/rstudio using the following apache 2.4 config on rserver.internal.com:

        <Proxy *>
                Allow from localhost
        </Proxy>
        RewriteCond %{HTTP:Upgrade} =websocket
        RewriteRule /rstudio/(.*) ws://localhost:8787/ [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket
        RewriteRule /rstudio/(.*) http://localhost:8787/ [P,L]
        ProxyPass /rstudio/ http://localhost:8787/
        ProxyPassReverse /rstudio/ http://localhost:8787/
        ProxyPreserveHost On
        RequestHeader set X-RStudio-Root-Path "/rstudio"

/etc/rstudio/rserver.conf contains:

# Server Configuration File
auth-required-user-group=rstudio-users
www-enable-origin-check=0

This works.

Now, I would like to access this over the internet, so I'd like to instead reverse-proxy from https://elsewhere.external.com/rstudio, which also runs the same Debian apache 2.4. From elsewhere.external.com, I can use a web browser and connect to rserver.internal.com:8787 or :443 or :80.

I have tried a zillion variations of trying to reverse-proxy to rserver.internal.com:8787 or to rserver.internal.com:80 (double-reverse-proxy) and keep getting the 302 redirect to https://elsewhere.external.com/rstudio/auth-sign-in?appUri=%2F and this debug message from rstudio server:

 DEBUG Request for main page with no user-identifier - redirecting to login page: /

The elswhere.extrernal.com:443 config currently looks like this:

       # Have tried the below at 8787 or at 80
        RewriteCond %{HTTP:Upgrade} =websocket
        RewriteRule /rstudio/(.*) ws://rserver.internal.com:8787/ [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket
        RewriteRule /rstudio/(.*) http://rserver.internal.com:8787/ [P,L]
        ProxyPass /rstudio/ http://rserver.internal.com:8787/
        ProxyPassReverse /rstudio/ http://rserver.internal.com:8787/
        ProxyRequests Off
        # Have tried all kinds of variations of the below on or commented out.
        ProxyPreserveHost On
        RequestHeader set X-RStudio-Root-Path "/rstudio"
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set Host "elsewhere.external.com:443"

and, sniffing packets, the headers being sent include:

Host: elsewhere.example.com:443
Upgrade-Insecure-Requests: 1
X-RStudio-Root-Path: /rstudio
X-Forwarded-Proto: https
X-Forwarded-For: <ip address of my browser on the internet>
X-Forwarded-Host: elsewhere.external.com:443
X-Forwarded-Server: elsewhere.external.com
Connection: Keep-Alive

I have also fiddled with ProxyPassReverseCookieDomain, in case that's relevant, but no luck. I

Based on searching, I know this is kind of a FAQ, but the documentation doesn't really cover this case, and none of the answers I've seen appear to work (many are quite old, however). Any idea how to fix this or figure it out?