Saturday, October 15, 2016

ssl - nginx proxypath https redirect fails without trailing slash



I'm trying to setup Nginx to forward requests to several backend services using proxy_pass.



The links on the pages that lack trailing slashes do have https:// in front, but get redirected to a http request with a trailing slash - which ends in connection refused - I only want these services to be available through https.



So if a link is too https://example.com/internal/errorlogs



in a browser when loaded https://example.com/internal/errorlogs gives Error Code 10061: Connection refused (it redirects to http://example.com/internal/errorlogs/)




If I manually append the trialing slash https://example.com/internal/errorlogs/ it loads



I've tried with varied trailing forward slashes appended to the proxypath and location in proxy.conf to no effect, have also added server_name_in_redirect off;



This happens on more than one app under nginx, and works in apache reverse proxy



Config files;



proxy.conf




location /internal {
    proxy_pass        http://localhost:8081/internal;
    include proxy.inc;
}
.... more entries ....


sites-enabled/main




server {
    listen 443;

    server_name example.com;
    server_name_in_redirect off;

    include proxy.conf;

    ssl on;
}



proxy.inc



proxy_connect_timeout   59s;
proxy_send_timeout      600;
proxy_read_timeout      600;
proxy_buffer_size       64k;
proxy_buffers           16 32k;
proxy_pass_header       Set-Cookie;

proxy_redirect          off;
proxy_hide_header       Vary;

proxy_busy_buffers_size         64k;
proxy_temp_file_write_size      64k;

proxy_set_header        Accept-Encoding         '';
proxy_ignore_headers    Cache-Control           Expires;
proxy_set_header        Referer                 $http_referer;
proxy_set_header        Host                    $host;

proxy_set_header        Cookie                  $http_cookie;
proxy_set_header        X-Real-IP               $remote_addr;
proxy_set_header        X-Forwarded-Host        $host;
proxy_set_header        X-Forwarded-Server      $host;
proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Ssl         on;
proxy_set_header        X-Forwarded-Proto       https;


curl output




-$ curl -I -k https://example.com/internal/errorlogs/
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Thu, 24 Nov 2011 23:32:07 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Content-Length: 14327

-$ curl -I -k https://example.com/internal/errorlogs

HTTP/1.1 301 Moved Permanently
Server: nginx/1.0.5
Date: Thu, 24 Nov 2011 23:32:11 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Content-Length: 127
Location: http://example.com/internal/errorlogs/

Answer



I saw you added the server_name_in_redirect directive, but you need proxy_redirect directive on the location session




http://wiki.nginx.org/HttpProxyModule#proxy_redirect



You will add something like that



proxy_redirect http://example.com/ /;

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...