listen proxy_protocol and rewrite redirect scheme

adrhc nginx-forum at forum.nginx.org
Thu Sep 22 11:57:17 UTC 2016


I'm just a bit surprised that "port_in_redirect off" does not also
work. But that's ok -- I'm often surprised.
There's an "if" in src/http/ngx_http_header_filter_module.c which changes
port's value from 443 to 0 when on ssl + port initially 443 so
https://adrhc.go.ro/ffp_0.7_armv5 would redirect to http when
port_in_redirect is off.

"... but I don't know what is the set of conditions under which you would
want this ssl-rewrite to happen, and how you would go about configuring
that."
I'm not sure I understand what you mean (my bad English); the entire setup
is one allowing me to access my home server through the corporate firewall
while not breaking what I already have (my web sites):
browser (ssl) -> sshttp:443 -> stunnel:1443 -> nginx:443:listen proxy_protocol:no ssl
ssh client -> sshttp:443 -> ssh:22 -> ssh traffic detectable by firewall (I don't want that)
ssh client -> stunnel in client mode:local-custom-port -> sshttp:443 -> stunnel:1443 -> ssh:22 -> firewall sees only ssl traffic (better)
See https://adrhc.go.ro/wordpress/ssh-http-and-https-multiplexing/ for
instructions on full setup.

"It looks like nobody else has had that particular use case ..."
This seems odd to me; I'm sure I'm not the only guy starving for open ports
to internet (only 80 and 443 allowed) :D

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269623,269748#msg-269748
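
Added example, not part of the original post and not nginx source: a simplified C model of how the scheme and port of an absolute redirect are chosen, applied to the chain above where stunnel terminates TLS and nginx listens on 443 without ssl. The rules in `build_location` are an assumption based on the header filter the post refers to; the `struct conn` type, the function name and the trailing-slash path are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption, not nginx source) of how a relative
 * Location is turned into an absolute URL. */
struct conn {
    int ssl;             /* 1 only if nginx itself terminated TLS */
    unsigned local_port; /* port of the listen socket */
};

/* Writes the absolute URL into out and returns out. */
static const char *build_location(const struct conn *c, int port_in_redirect,
                                  const char *host, const char *path,
                                  char *out, size_t outlen)
{
    unsigned port = c->local_port;

    if (port_in_redirect) {
        /* The scheme's default port is dropped: 443 for ssl, 80 otherwise. */
        if (c->ssl)
            port = (port == 443) ? 0 : port;
        else
            port = (port == 80) ? 0 : port;
    } else {
        port = 0; /* never print a port */
    }

    /* The scheme follows c->ssl only; PROXY protocol does not change it. */
    const char *scheme = c->ssl ? "https" : "http";

    if (port)
        snprintf(out, outlen, "%s://%s:%u%s", scheme, host, port, path);
    else
        snprintf(out, outlen, "%s://%s%s", scheme, host, path);
    return out;
}

int main(void)
{
    char buf[256];
    struct conn behind_stunnel = { 0, 443 }; /* the post's setup */
    struct conn direct_tls = { 1, 443 };     /* nginx terminating TLS itself */
    const char *host = "adrhc.go.ro", *path = "/ffp_0.7_armv5/";

    puts(build_location(&behind_stunnel, 1, host, path, buf, sizeof buf));
    puts(build_location(&behind_stunnel, 0, host, path, buf, sizeof buf));
    puts(build_location(&direct_tls, 1, host, path, buf, sizeof buf));
    return 0;
}
```

In this model neither `port_in_redirect` setting yields an https redirect behind stunnel, because the scheme depends only on whether nginx terminated TLS on that connection.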


