Welcome! Log In Create A New Profile


Re: Too Many Redirects

February 02, 2013 10:34AM
Francis Daly Wrote:
> On Fri, Feb 01, 2013 at 07:27:31PM -0500, billmanhillman wrote:
> Hi there,
> > I created another HTTP/1.1 connector in tomcat listening on another
> port
> > 8443. I then separated the server settings in nginx for both http
> and
> > https.
> >
> > I had the http server def proxy_pass to http://localhost:8080
> > I had the https server def proxy_pass to http://localhost:8443
> >
> > I also put headers notifying tomcat the request was coming from http
> or
> > https.
> You changed the nginx config so that tomcat could be able to tell
> whether
> the original request was https or not.


> Did you change the tomcat config so that it would recognise this
> signal,
> and would accept that "originally https" was enough to consider it
> as secure?

The connection is secured on the Nginx side. Tomcat should be able to handle this since I'm just swapping out overblown apache for Nginx and it worked fine on apache before switching to Nginx. I've tried X-Proxy-For and X-Real-IP headers. Am I missing any other headers?

The Java Application to "tells" the container the request has entered a secured area. I don't want to go down the road of creating Rewrites for https since the config for the application will reside in the Nginx config (bad practice).

> > Still no dice. Redirect loops can't seem to be fixed.
> It looks to me like the redirect loops are coming from tomcat, not
> nginx.
> If you can't configure tomcat the way you want to, perhaps configuring
> nginx to proxy_pass to a https:// url when appropriate would be an
> adequate workaround, at least for testing purposes?

I tried proxy_pass with https:// before but I always get a Bad Gateway.

This is frustrating because I'm doing a write up for Nginx integration along with other servers to help others like myself to have a step by step guide for configuring reverse proxies and any flavor of application server (Tomcat, Jetty, Geronimo, WebSphere, JBoss, etc...) for PCI compliance. You'll simply download the .deb(debian only) and it will compile, install, secure, configure, and add a new node if it's in a clustered environment.

I'm simply trying to get this right. Thanks for your help and suggestions.

> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Too Many Redirects

billmanhillman February 01, 2013 10:38AM

Re: Too Many Redirects

Francis Daly February 01, 2013 03:50PM

Re: Too Many Redirects

billmanhillman February 01, 2013 07:27PM

Re: Too Many Redirects

Francis Daly February 02, 2013 04:30AM

Re: Too Many Redirects

billmanhillman February 02, 2013 10:34AM

Re: Too Many Redirects

Jonathan Matthews February 02, 2013 02:00PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 82
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 214 on March 20, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready