Redirect 301 https. Nginx + OracleIAS10g
i3g
nginx-forum на forum.nginx.org
Пт Апр 15 13:56:50 UTC 2016
Доброго времени суток!
Решил настроить связку nginx + OHS(OracleIAS10g).
По какой-то причине не корректно работает redirect 301.
Версия nginx 1.8
Смортю в firebug, браузеру приходит ответ c полной ссылкой на http такого
вида:
Status: 302 Moved Temporarily
Location:
http://example.com/test/index.html?command=refresh2&__sessionId=47&__commandId=51
хотя по идее должна прийти:
Location: httpS://example.com..........
Нашел в интернете, что для настройки такой конфигурации в связке с СП
Weblogic12c есть параметры:
# WebLogic:
#proxy_set_header WL-Proxy-Client-IP $_ClientIP_HeaderVariableValue;
#proxy_set_header WL-Proxy-SSL
$_SSLChannelFlag_HeaderVariableValue;
Но ничего подобного для OracleIAS10g не нашел....
Конфиг прилагаю:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log error;
pid /var/run/nginx.pid;
events
{
worker_connections 10240;
multi_accept on;
}
http
{
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log main;
server_tokens off;
client_max_body_size 0;
underscores_in_headers on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 300;
keepalive_requests 300;
proxy_buffering on;
proxy_buffers 128 4k;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
client_header_timeout 120s;
client_body_timeout 120s;
send_timeout 120s;
gzip on;
gzip_comp_level 9;
gzip_proxied any;
gzip_min_length 256;
gzip_http_version 1.0;
gzip_vary off;
gzip_types *;
proxy_cache_path /usr/share/nginx/cache levels=1:2 use_temp_path=off
keys_zone=cache:64m inactive=24h max_size=1G;
proxy_cache_use_stale error timeout invalid_header updating http_500
http_502 http_503 http_504;
proxy_cache_valid 200 301 302 404 24h;
proxy_cache_lock on;
proxy_cache_lock_timeout 60s;
proxy_cache_lock_age 60s;
proxy_http_version 1.1;
map $scheme $_SSLChannelFlag_HeaderVariableValue
{
"https" true;
default false;
}
server {
server_name example.com i.p.add.res;
listen 80;
return 301 https://example.com$request_uri;
}
upstream testup
{
server oracleASIp:80;
keepalive 100;
}
server
{
listen 443 ssl;
server_name example.com i.p.add.res;
ssl_certificate /etc/nginx/conf.d/ssl/*.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/*.key;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 30m;
ssl_ciphers 'ECDHE-blabla.....';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
proxy_hide_header Strict-Transport-Security;
set $_ClientIP_HeaderVariableValue $proxy_add_x_forwarded_for;
proxy_set_header Host $http_Host;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-For $_ClientIP_HeaderVariableValue;
proxy_set_header X-Forwarded-Proto $scheme;
location /example/test/ { error_page 456 = @ibrs; return
456; }
location /example
{
allow 127.0.0.0/8;
allow 192.168.0.0/16;
deny all;
error_page 404 = @testup;
rewrite "^(?:/[^/]+){3}$" $uri/;
}
location @testup
{
limit_except GET HEAD POST { deny all; }
proxy_pass http://testup;
}
location @cache
{
access_log /var/log/nginx/cache.log main;
limit_except GET HEAD { deny all; }
gzip off;
rewrite "(?i)^(.*);jsessionid=.+$" $1 break;
proxy_cache cache;
proxy_cache_key $uri;
proxy_pass http://127.0.0.1:11700;
}
location /
{
return 301 /example.com/test/index.html;
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html
{
root /usr/share/nginx/html;
}
} # << end of server >>
server
{
listen 127.0.0.1:11700;
location /example/
{
access_log /var/log/nginx/cache_renew.log main;
proxy_set_header Host $http_Host;
proxy_set_header Connection "";
gzip_comp_level 9;
proxy_pass http://example;
}
} # << end of server >>
} # << end of http >>
Почему в итоге возвращается http, а не https?
Posted at Nginx Forum: https://forum.nginx.org/read.php?21,266198,266198#msg-266198
Подробная информация о списке рассылки nginx-ru