On 03/06/2012 02:07 PM, mevans336 wrote:
> Cliff,
>
> The application performs a redirect because that was the way it was
> originally designed. It uses the ACEGI security framework. I have turned
> the ACEGI HTTP -> HTTPS redirect off with the same behavior however.
>
> After my post, I stumbled across the ip_hash upstream variable and that
> has resolved the issue. Or at least, masked it and made things
> functional.
>
> I am aware that Nginx is talking to JBoss via HTTP, not HTTPS. Nginx is
> acting as our front-end SSL termination point, we don't have JBoss
> configured to answer SSL requests, although for security purposes, that
> is on my 'to-do' list. Right now, clients don't communicate directly
> with the JBoss servers, only Nginx, so communication over the internet
> is encrypted.
I was just making sure that was considered. In any case I suspect
Francis is right in his assessment, and that's why using the ip_hash
directive solved your issue. Good work on that. I haven't personally
encountered frameworks with this issue so it didn't occur to me.

> I am confused by your statement, "It's not clear why you even bother
> with the proxy_pass in this location. Just redirect to the HTTPS
> location and be done."

What I meant is that you are doing a "rewrite permanent", followed by
the proxy_pass. This means that either the proxy_pass will never be
executed. Sorry I wasn't clear.

Regards,
Cliff

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx