Welcome! Log In Create A New Profile

Advanced

Nginx: proxy_pass not forwarding the proxy headers

Posted by dd123 
Forum List Message List New Topic
dd123
Nginx: proxy_pass not forwarding the proxy headers
August 09, 2017 07:42PM
Guys, I have a weird issue.

I have two server blocks over SSL.

The block is attached below:

server {


listen 443 default_server ssl;
server_name _ ;

ssl_certificate "/etc/nginx/ssl-certs/server-certs/xx.cert";
ssl_certificate_key "/etc/nginx/ssl-certs/server-certs/xx-private.key";


ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_tickets off;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
server_tokens off;


location / {
deny all;

}
location /uxxxs/ {

proxy_pass http://localhost:23051/uxxs/;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;

}
location /mynginxstats {
stub_status on;
access_log off;
}


}


server {

listen 443 ssl;
server_name *.ma.test.abcxyz.net;
ssl_certificate "/etc/nginx/ssl-certs/server-certs/xx.cert";
ssl_certificate_key "/etc/nginx/ssl-certs/server-certs/xx-private.key";
ssl_client_certificate /etc/nginx/ssl-certs/client-cert/root-certs-ecc-rsa.crt;


ssl_verify_client on;
ssl_verify_depth 2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_tickets off;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
server_tokens off;


location / {
deny all;

}
location /uxxs/ {

proxy_pass http://localhost:23051/uxxs/;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-SSL-Client-FINGERPRINT $ssl_client_fingerprint;

proxy_set_header X-Client-Cert $ssl_client_fingerprint;
proxy_set_header X-SSL-Session-Id $ssl_session_id;
proxy_set_header Host $host;

}


}


As you can see for certain hostnames *.ma.test.abcxyz.net; , I am doing 2 -way ssl .


The issue is: when I send via browser to mywebsite.ma.test.abcxyz.net, I can see that backend instance is getting the proxy headers properly filled up:

proxy_set_header X-SSL-Client-FINGERPRINT $ssl_client_fingerprint;
proxy_set_header X-Client-Cert $ssl_client_fingerprint;
proxy_set_header X-SSL-Session-Id $ssl_session_id;
proxy_set_header Host $host;

But when I send a same request through my client simulator ( ruby app ), I dont see these headers coming to backend proxy. Now, my backend proxy needs these header info.


I am wondering why nginx is not sending these proxy headers to backend instance when sending request thru client simulator but when I send thru browser, it sends... ?

Thanks
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 313
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready