Redirect 301 https. Nginx + OracleIAS10g

i3g nginx-forum на forum.nginx.org
Пт Апр 15 13:56:50 UTC 2016


Доброго времени суток!
Решил настроить связку nginx + OHS(OracleIAS10g).
По какой-то причине не корректно работает redirect 301.
Версия nginx 1.8
Смортю в firebug, браузеру приходит ответ c полной ссылкой на http такого
вида:
Status: 302 Moved Temporarily
Location:
http://example.com/test/index.html?command=refresh2&__sessionId=47&__commandId=51

хотя по идее должна прийти:

Location: httpS://example.com..........

Нашел в интернете, что для настройки такой конфигурации в связке с СП
Weblogic12c есть параметры:

# WebLogic:
#proxy_set_header WL-Proxy-Client-IP    $_ClientIP_HeaderVariableValue;
#proxy_set_header WL-Proxy-SSL         
$_SSLChannelFlag_HeaderVariableValue;


Но ничего подобного для OracleIAS10g не нашел....

Конфиг прилагаю:

user  nginx;

worker_processes auto;
error_log  /var/log/nginx/error.log error;
pid        /var/run/nginx.pid;

events
 {
  worker_connections 10240;
  multi_accept on;
 }

http
 {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  access_log  /var/log/nginx/access.log  main;
  server_tokens off;
  client_max_body_size 0;
  underscores_in_headers on;
  sendfile        on;
  tcp_nopush  on;
  tcp_nodelay on;

  keepalive_timeout  300;
  keepalive_requests 300;

  proxy_buffering on;
  proxy_buffers 128 4k;

  proxy_connect_timeout 300s;
  proxy_read_timeout 300s;
  proxy_send_timeout 300s;

  client_header_timeout 120s;
  client_body_timeout 120s;
  send_timeout 120s;

  gzip on;
  gzip_comp_level 9;
  gzip_proxied any;
  gzip_min_length 256;
  gzip_http_version 1.0;
  gzip_vary off;
  gzip_types *;

   proxy_cache_path /usr/share/nginx/cache levels=1:2 use_temp_path=off
keys_zone=cache:64m inactive=24h max_size=1G;
  proxy_cache_use_stale error timeout invalid_header updating http_500
http_502 http_503 http_504;
  proxy_cache_valid 200 301 302 404 24h;
  proxy_cache_lock on;
  proxy_cache_lock_timeout 60s;
  proxy_cache_lock_age 60s;

  proxy_http_version 1.1;

  map $scheme $_SSLChannelFlag_HeaderVariableValue
   {
    "https" true;
    default false;
   }

server {
    server_name example.com i.p.add.res;
    listen 80;
    return 301 https://example.com$request_uri;
  }

  upstream testup
   {
    server oracleASIp:80;
    keepalive 100;
   }

server
   {
    listen 443 ssl;
    server_name  example.com i.p.add.res;

    ssl_certificate      /etc/nginx/conf.d/ssl/*.crt;
    ssl_certificate_key  /etc/nginx/conf.d/ssl/*.key;
    ssl_dhparam         /etc/nginx/conf.d/ssl/dhparam.pem;


    ssl_protocols        TLSv1.1 TLSv1.2;
    ssl_session_cache    shared:SSL:50m;
    ssl_session_timeout  30m;

    ssl_ciphers         'ECDHE-blabla.....';
    ssl_prefer_server_ciphers  on;

    add_header Strict-Transport-Security max-age=15768000;
    proxy_hide_header Strict-Transport-Security;


    set $_ClientIP_HeaderVariableValue $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_Host;
    proxy_set_header Connection "";

    proxy_set_header X-Forwarded-For       $_ClientIP_HeaderVariableValue;
    proxy_set_header X-Forwarded-Proto     $scheme;
    
    location /example/test/             { error_page 456 = @ibrs; return
456; }

    location /example
     { 
      allow 127.0.0.0/8;
      allow 192.168.0.0/16;
      deny  all;
      error_page 404 = @testup;
      rewrite "^(?:/[^/]+){3}$" $uri/;
     }
  location @testup
     {
      limit_except GET HEAD POST { deny all; }

      proxy_pass http://testup;
     }

    location @cache
     {
      access_log /var/log/nginx/cache.log main;

      limit_except GET HEAD { deny all; }

      gzip off;

      rewrite "(?i)^(.*);jsessionid=.+$" $1 break;
      proxy_cache cache;
      proxy_cache_key $uri;
      proxy_pass http://127.0.0.1:11700;
     }

    location /
    {
       return 301 /example.com/test/index.html;
       root   /usr/share/nginx/html;
       index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html
     {
      root   /usr/share/nginx/html;
     }
   } # << end of server >>

server
   {
    listen 127.0.0.1:11700;
    location /example/
     {
      access_log /var/log/nginx/cache_renew.log main;
      proxy_set_header Host $http_Host;
      proxy_set_header Connection "";
      gzip_comp_level 9;
      proxy_pass http://example;
     }
   } # << end of server >>
 } # << end of http >>

Почему в итоге возвращается http, а не https?

Posted at Nginx Forum: https://forum.nginx.org/read.php?21,266198,266198#msg-266198



Подробная информация о списке рассылки nginx-ru