Fwd: reverse proxy

Dinoosh Nikapitiya dinoosh.niki at gmail.com
Tue Dec 11 08:58:51 UTC 2012


Hi all,

I configured an nginx server as a reverse proxy a few months ago, with an
Apache server as the back end of the reverse proxy. Everything worked
well until I started to use SSL.

When I try to redirect https://mydomain.com to https://www.mydomain.com, it
gives me an SSL "untrusted" error.

When I check HTTP_X_URL_SCHEME on the backend server, it shows only http.
The backend cannot tell whether a request arrived over http or https.

How do I fix this?

Below are my nginx vhost and the back-end Apache vhost.

# TLS-terminating reverse-proxy vhost as posted: accepts HTTPS on port 443 for
# both host names and forwards every request to a single backend.
server {
        listen 443;
        # NOTE(review): one certificate is served for both names below. If it does
        # not list both mydomain.com and www.mydomain.com, the browser warns during
        # the TLS handshake, before any redirect can run -- verify the names in
        # the certificate.
        server_name mydomain.com www.mydomain.com;

        access_log  /var/log/nginx/mydomain.com.access.log;

        ssl     on;
        ssl_certificate /home/ssl/mydomain.com.crt;
        # NOTE(review): private key kept under /home; confirm it is readable only
        # by the account that starts nginx.
        ssl_certificate_key /home/ssl/mydomain.com.pvk;

        ssl_prefer_server_ciphers on;
        # SSLv3 and TLSv1 (1.0) are both obsolete protocol versions; SSLv3 in
        # particular should be disabled. Prefer TLSv1.2 or newer where the
        # nginx/OpenSSL build offers it.
        ssl_protocols SSLv3 TLSv1;

        ssl_session_cache shared:SSL:2m;

        # The list below includes RC4 and 3DES (DES-CBC3) suites, which are
        # considered weak, and plain-RSA suites (AES256-SHA, AES128-SHA) that give
        # no forward secrecy; no ECDHE or AEAD suites are offered.
        ssl_ciphers
DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

        charset utf-8;
        keepalive_timeout 70;

        location / {
            # The hop to the backend is plain HTTP, so Apache never sees HTTPS=on
            # for proxied requests; the scheme the client used reaches it only
            # through the X-Url-Scheme header set below.
            proxy_pass         http://xx.xx.xx.xx:xx;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so only the last entry is asserted
            # by this proxy.
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            # With "ssl on" in this block $scheme is "https".
            # NOTE(review): a value of "http" at the backend suggests the request
            # went through a different server block (not shown) -- confirm.
            proxy_set_header   X-Url-Scheme $scheme;
            client_max_body_size       10m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
# NOTE(review): the brace below closes "location /"; the closing brace of
# "server" is not part of the posted snippet.
}

##########################################################

  # Backend Apache vhost fragment as posted; the enclosing <VirtualHost> line
  # is not shown.
  DocumentRoot /path/
        <Directory /path>
                # NOTE(review): this mixes a "-" prefixed option with unprefixed
                # ones; Apache documents that form as invalid or surprising --
                # confirm the effective Options.
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride None
                RewriteEngine on
                AddDefaultCharset utf-8
                # Rule 1: bare host and %{HTTPS} not "on" -> 302 to https://www.
                # Requests arriving over the nginx "proxy_pass http://" hop are
                # plain HTTP to Apache, so %{HTTPS} is not "on" for them and this
                # rule fires for every proxied bare-host request.
                # To branch on the scheme the client used, test the forwarded
                # header instead, e.g. RewriteCond %{HTTP:X-Url-Scheme} !=https.
                # That header is trustworthy only if the backend accepts
                # connections from the proxy alone, since a direct client could
                # set it.
                # The host pattern has unescaped dots and no end anchor, so it
                # matches more than the exact name; ^mydomain\.com$ is the strict
                # form.
 RewriteCond %{HTTP_HOST} ^mydomain.com
                RewriteCond %{HTTPS} !=on
                RewriteRule ^(.*)$ https://www.mydomain.com$1 [R=302,L]

                # Rule 2: bare host otherwise -> 302 to http://www (a downgrade to
                # plain HTTP if it is ever reached for a request that began as
                # HTTPS).
                RewriteCond %{HTTP_HOST} ^mydomain.com
                RewriteRule ^(.*)$ http://www.mydomain.com$1 [R=302,L]

                # Any method other than GET, POST or HEAD is answered with
                # 403 Forbidden ([F]).
                RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
                RewriteRule .* - [F]
                # Everything else is handed to index.php with the matched path in
                # the "route" parameter; QSA keeps the original query string.
                RewriteRule ^(.*)$ index.php?route=$1 [L,QSA]

                # Apache 2.2-style access control with no address restriction.
                # NOTE(review): if this vhost should only be reached through
                # nginx, restrict access (here or at the firewall) to the proxy
                # address.
                Order allow,deny
                Allow from all
        </Directory>

        # mod_rpaf replaces the connection's client address (and, with
        # RPAFsethostname, the host name) with values from proxy-supplied headers,
        # but only for connections from RPAFproxy_ips; keep that list limited to
        # the nginx address.
        <IfModule mod_rpaf.c>
                RPAFenable On
                RPAFsethostname On
                RPAFproxy_ips xx.xx.xx.xx
        </IfModule>

-- 
*Dinoosh Nikapitiya
IT Infrastructure Administrator
Mobile :- (077) 5 904 547*