Hi- my first post here, so be nice :)
I'm fairly new to Nginx and am playing with it to act as a reverse proxy behind a Tomcat app server that lives in LAN. So basically, what I'm trying do is:
https://WAN-IP +--------+ http://LAN-IP/index.jsp +------------+
User ----------------------------- | Nginx | ---------------------------------------------- | Tomcat |
+--------+ +------------+
The user accesses the pages inside the app server through Nginx acting as a reverse proxy listening on a Public/WAN IP. I have HTTP (port 80) disabled on Nginx and have everything serving through HTTPS (443). This basic config seems to do the trick:
location / {
proxy_pass http://LAN-IP/index.jsp;
### Set headers ####
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded-Proto https;
### By default we don't want to redirect it ####
proxy_redirect off;
}
However, the problem is that the Tomcat pages redirect (HTTP 302) the user to another page on the LAN if the logic in those JSPs "see" that the user is not authenticated/authorized correctly. So, when the user accesses the URL https://WAN-IP, they get reverse proxied to http://LAN-IP/index.jsp. Then, the index.jsp "redirects" the user to http://LAN-IP/login.jsp, but that automatically get's translated to http://WAN-IP/login.jsp (notice it's HTTP not HTTPS).
I'd like to replicate the experience on the LAN to the WAN such that https://WAN-IP/index.jsp takes the user to https://WAN-IP/login.jsp and once the user authenticates correctly, it takes the the user back to https://WAN-IP/index.jsp and all links buried underneat the application server http://LAN-IP/whatever.jsp translates correctly to https://WAN-IP/whatever.jsp.
Could someone please advise?
