Welcome! Log In Create A New Profile

Re: NGINX: Reverse Proxy (SSL) with non-ssl backend

Forum List Message List New Topic Print View

Steve Wilson

May 28, 2014 07:16PM

It's late and I'm about to go to bed so I've not checked the docs on
this but ...

add_header Front-End-Https on;

I suspect this is meant to be proxy_add_header and meant so php can
detect the client is accessing via https.

If my memory is correct on this it's likely that php could be sending a
redirect (302) to https:... which your browser's following, hence the
seeming page refresh.

It might be worth creating a php page with the magical <?phpinfo()?> and
accessing it through nginx and apache to see if there's anything
obvious, and the "Front-End-Https" header when through nginx.

Steve.

On 26/05/2014 10:11, Nelson Manuel Marques wrote:
>
> Hi,
>
> I currently run a small system which consists on an Apache HTTP with PHP (8080) backend (no SSL on localhost) with a Varnish HTTP accelerator on Port 9000 (localhost) and a NGINX reverse proxy (SSL).
>
> I am facing a small issue with this setup, mainly, when I select checkboxes and friends and hit submit (ex; application setup) nothing happens… Boxes get unticket and I remain in the same screen. If bind Apache or Varnish on all interfaces and hit their ports directly, everything works. I believe this might be an issue with my nginx setup.
>
> My nginx configuration (vhost, nginx.conf is the default):
>
>
>
> server {
> listen 80;
> server_name foobar.local;
> return 301 https://foobar.local/$request_uri;
> }
>
> server {
> listen 443 ssl;
> server_name foobar.local;
> # virtual host error and access logs in /var/log/nginx
> access_log /var/log/nginx/foobar.local-access.log;
> error_log /var/log/nginx/foobar.local.vm-error.log;
> # gzip compression configuration
> gzip on;
> gzip_comp_level 7;
> gzip_min_length 1000;
> gzip_proxied any;
> # SSL configuration; generated cert
> keepalive_timeout 60;
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DS
> S;
> ssl_certificate /etc/nginx/certs/self-ssl.crt;
> ssl_certificate_key /etc/nginx/certs/self-ssl.key;
> ssl_session_cache shared:SSL:5m;
> ssl_session_timeout 5m;
> ssl_prefer_server_ciphers on;
>
> client_max_body_size 2M;
>
> location / {
> proxy_pass http://127.0.0.1:8080/;
> add_header Front-End-Https on;
> proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
> #proxy_set_header Accept-Encoding "";
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> allow all;
> proxy_ignore_client_abort on;
> proxy_redirect off;
> }
> }
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
NGINX: Reverse Proxy (SSL) with non-ssl backend	Nelson Manuel Marques	May 26, 2014 05:12AM
Re: NGINX: Reverse Proxy (SSL) with non-ssl backend	Francis Daly	May 28, 2014 07:08PM
Re: NGINX: Reverse Proxy (SSL) with non-ssl backend	Steve Wilson	May 28, 2014 07:16PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 313

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018