Hello,
On 4/21/16 10:17 AM, Igor Sysoev wrote:
> On 21 Apr 2016, at 17:14, Igor Sysoev <igor@sysoev.ru> wrote:
>
>> On 21 Apr 2016, at 17:09, Jim Ohlstein <jim@ohlste.in> wrote:
>>
>>> Hello,
>>>
>>> I'm going a bit crazy here and hoping for some help. I've set up a new Mailman installation on FreeBSD. The system is set as follows:
>>>
>>> Web <-> nginx SSL termination and reverse proxy <-> nginx + fcgiwrap + Mailman
>>>
>>> When I try to access https://lists.mydomain.com or https://lists.mydomain.com/ it redirects me to https://lists.mydomain.com:8000/mailman/listinfo which of course fails.
>>>
>>> If I access https://lists.mydomain.com/mailman/listinfo directly or any URL except the main one, it works as expected.
>>>
>>> I have tried multiple options including:
>>>
>>> port_in_redirect off;
>>> proxy_bind $host:443;
>>> proxy_redirect off;
>>>
>>> Nothing seems to be working.
>>> Proxy settings for nginx front end: server
>>>
>>> location / {
>>> proxy_pass http://10.0.250.37:8000;
>>> proxy_set_header X-Real-IP $remote_addr;
>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>> proxy_set_header X-Forwarded-Proto $scheme;
>>> proxy_http_version 1.1;
>>> proxy_set_header Connection "";
>>> proxy_redirect off;
>>> proxy_set_header Host $host;
>>>
>>> [snip]
>>> }
>>>
>>> Backend server uses fastcgi for Python via fcgiwrap. Any help would be appreciated.
>>
>> proxy_redirect on;
>
> Sorry, no.
>
> proxy_redirect https://lists.mydomain.com:8000/ /;
>
>
Same result. I believe I had tried it already. To make certain I wasn't
seeing a cached response I checked with curl:
curl -I https://lists.mydomain.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.9.14
Date: Thu, 21 Apr 2016 14:34:27 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://lists.mydomain.com:8000/mailman/listinfo
Strict-Transport-Security: max-age=31536000
So it's actually redirecting to http. I have
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
set on the backend server so this is puzzling.
--
Jim Ohlstein
"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx