Hi all,<br><div class="gmail_quote"><div><br></div><div>I configured an nginx server as a reverse proxy few months ago. i have apache server as a back end of the reverse proxy. Every thing worked well until i start to use ssl. </div>
<div><br></div><div>
When i try to redirect <a href="https://mydomain.com" target="_blank">https://mydomain.com</a> to <a href="https://www.mydomain.com" target="_blank">https://www.mydomain.com</a> it gives me ssl untrusted error.</div><div>
<br></div><div>When i check HTTP_X_URL_SCHEME on backend server it shows only http. </div>
<div>Backend cannot understand if it is a http or https header.</div><div><br></div><div>How do i fix this?</div><div><br></div><div>below is my nginx vhost and back end apache vhost</div><div><br></div><div>server {</div>
<div> listen 443;</div><div> server_name <a href="http://mydomain.com" target="_blank">mydomain.com</a> <a href="http://www.mydomain.com" target="_blank">www.mydomain.com</a>;</div><div><br></div><div> access_log /var/log/nginx/mydomain.com.access.log;</div>
<div><br></div><div> ssl on;</div><div> ssl_certificate /home/ssl/mydomain.com.crt;</div><div> ssl_certificate_key /home/ssl/mydomain.com.pvk;</div><div><br></div><div> ssl_prefer_server_ciphers on;</div>
<div> ssl_protocols SSLv3 TLSv1;</div><div><br></div><div> ssl_session_cache shared:SSL:2m;</div><div><br></div><div> ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;</div>
<div><br></div><div> charset utf-8;</div><div> keepalive_timeout 70;</div><div><br></div><div> location / {</div><div> proxy_pass http://xx.xx.xx.xx:xx;</div><div> proxy_redirect off;</div>
<div><br></div><div> proxy_set_header Host $host;</div><div> proxy_set_header X-Real-IP $remote_addr;</div><div> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div>
<div> proxy_set_header X-Url-Scheme $scheme;</div><div> client_max_body_size 10m;</div><div> client_body_buffer_size 128k;</div><div><br></div><div> proxy_connect_timeout 90;</div>
<div> proxy_send_timeout 90;</div><div> proxy_read_timeout 90;</div><div><br></div><div> proxy_buffer_size 4k;</div><div>}</div><div><br></div><div>##########################################################</div>
<div><br></div><div> DocumentRoot /path/</div><div> <Directory /path></div><div> Options -Indexes FollowSymLinks MultiViews</div><div> AllowOverride None</div><div> RewriteEngine on</div>
<div> AddDefaultCharset utf-8</div><div><span style="white-space:pre-wrap"> </span></div><div><span style="white-space:pre-wrap"> </span>RewriteCond %{HTTP_HOST} ^<a href="http://mydomain.com" target="_blank">mydomain.com</a></div>
<div> RewriteCond %{HTTPS} !=on</div><div> RewriteRule ^(.*)$ <a href="https://www.mydomain.com" target="_blank">https://www.mydomain.com</a>$1 [R=302,L]</div><div><br></div><div> RewriteCond %{HTTP_HOST} ^<a href="http://mydomain.com" target="_blank">mydomain.com</a></div>
<div> RewriteRule ^(.*)$ <a href="http://www.mydomain.com" target="_blank">http://www.mydomain.com</a>$1 [R=302,L]</div><div><br></div><div> RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$</div>
<div> RewriteRule .* - [F]</div>
<div> RewriteRule ^(.*)$ index.php?route=$1 [L,QSA]</div><div><br></div><div> Order allow,deny</div><div> Allow from all</div><div> </Directory></div><div><br></div>
<div> <IfModule mod_rpaf.c></div><div> RPAFenable On</div><div> RPAFsethostname On</div><div> RPAFproxy_ips xx.xx.xx.xx</div><div> </IfModule> <span class="HOEnZb"><font color="#888888"><br clear="all">
<div><br></div></font></span></div></div>-- <br><b style="color:rgb(102,102,102)">Dinoosh Nikapitiya<br>IT Infrastructure Administrator<br>Mobile :- (077) 5 904 547</b><br><br>