diff --git a/doc/FAQ.md b/doc/FAQ.md
index 8dbd12f0..73a43007 100644
--- a/doc/FAQ.md
+++ b/doc/FAQ.md
@@ -83,7 +83,7 @@ Now you can browse to `<port>.coder.com`. Note that this uses the host header so
 ensure your reverse proxy forwards that information if you are using one.
 
 ### Sub-paths
-Just browse to `/proxy/<port>`.
+Just browse to `/proxy/<port>/`.
 
 ## x86 releases?
 
diff --git a/src/node/app/proxy.ts b/src/node/app/proxy.ts
index 8f551244..80aa7a7b 100644
--- a/src/node/app/proxy.ts
+++ b/src/node/app/proxy.ts
@@ -30,15 +30,24 @@ export class ProxyHttpProvider extends HttpProvider implements HttpProxyProvider
     request: http.IncomingMessage,
     response: http.ServerResponse,
   ): Promise<HttpResponse> {
+    const isRoot = !route.requestPath || route.requestPath === "/index.html"
     if (!this.authenticated(request)) {
       // Only redirect from the root. Other requests get an unauthorized error.
-      if (route.requestPath && route.requestPath !== "/index.html") {
-        throw new HttpError("Unauthorized", HttpCode.Unauthorized)
+      if (isRoot) {
+        return { redirect: "/login", query: { to: route.fullPath } }
       }
-      return { redirect: "/login", query: { to: route.fullPath } }
+      throw new HttpError("Unauthorized", HttpCode.Unauthorized)
     }
 
-    const payload = this.doProxy(route.requestPath, request, response, route.base.replace(/^\//, ""))
+    // Ensure there is a trailing slash so relative paths work correctly.
+    const base = route.base.replace(/^\//, "")
+    if (isRoot && !route.originalPath.endsWith("/")) {
+      return {
+        redirect: `/proxy/${base}/`,
+      }
+    }
+
+    const payload = this.doProxy(route.requestPath, request, response, base)
     if (payload) {
       return payload
     }