Newbie: Trying to ssl-wrap Plone4 using non-standard port

Francis Daly francis at
Wed Sep 29 19:32:39 MSD 2010

On Wed, Sep 29, 2010 at 07:32:43AM +0200, Johannes Graumann wrote:
> mat h wrote:

[Re-arranging for readability]

> >>>> The server now hold a virgin buildout of Plone4, listening on 8080.
> >>>> I want to wrap that zope/plone cnnetion into ssl using NGINX 

> >>>> location / {
> >>>> proxy_pass http://localhost:8080;
> >>>> }

> >>>> This gets me to Plone4's "Plone is up and running. * Your Plone site
> >>>> has not been added yet ..." age just fine, but clicking the button
> >>>> "Create a new Plone Site" redirects me to localhost:8080, which
> >>>> unsurprisingly doesn't work.

> >> location / {
> >> proxy_pass      http://localhost:8080;
> >> proxy_redirect  http://localhost:8080/ /;
> >> }

> >> But when trying to move on from plone's default start page (at
> >>, I still end at
> >> http://localhost:8080/@@plone-addsite?site_id=Plone, which keeps not
> >> working ...

> > try using instead of localhost.
> Thanks. Trying to go beyond the start age I now get stuck with a failing 
> ...

That looks like plone is generating a redirect url based on the provided
(to it) scheme://host:port

In fact, the returned html page includes the content

  base href=""

so it's not just in the http headers (where nginx should adjust them)
that things need changing.

Configure plone not to generate full urls within its output, and it
should all Just Work. (The urls should probably be site-relative,
starting with "/".)

Failing that, in nginx, you can set proxy_set_header (see for details) to send the
host:port that the the client sent, to plone. I don't know how to send
the scheme of https in a way that plone will automagically read, though.

If you really really want to, and don't care for efficiency, you could try
a sub_filter ( to replace the string
"" with the string "/" in all content generated
by plone. But it'd be much better just to configure plone to leave out
the unnecessary parts in the first place.

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list