Problem with http/https interoperation

[Benimaur Gao]

Hello, all

    I have a web application, which use nginx as frontend reverse-proxy
sever. It's configured to use https to interact with user agent. Several
tomcats are used as backend application servers. The connection between
nginx and tomcats is http. The network structure is illustrated as
following:

    Browser -- https --> nginx --- http --> tomcat1
                                            \-- http --> tomcat2

    The normal request works ok. Problem comes when my program  returns
302/Redirection to user agent. Since tomcat has no idea about https'
environment, the location field in http response header is set as:
"Location: http://redirect.url.com". After receiving that, the browser will
launch subsequent requests through http.

    Now I overcome this by redirecting all requests towards 80 to 443:

    server{
        listen 80;

        server_name  *.url.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    but this method has two obvious defects:
    1. the first request launch by use agent is still http, which will
incur security.
    2. nginx rewrite module works by returning 301/Move Permanently, I
think too much redirection between user agent and my application will
result in poor efficiency.

    I wonder if there is some ready-made module to manipulate the 302
Location header, or any other better ways to workaround this problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140421/dfb914b6/attachment.html>