Host header lost on internal redirect in SSL vhost ?

Brice Figureau brice+nginx at daysofwonder.com
Tue May 15 16:14:39 MSD 2007


Hi,

It seems that when I send a request for http://www.domain.com/?args to my
nginx front-end proxy (which proxies to Apache), the Host header is not
passed to the upstream server as it should be when the vhost is SSL-enabled
(I couldn't reproduce it on a non-SSL server).

In the log below, you can see that it uses Host: 127.0.0.1 even though
the client gave to the proxy Host: www.domain.com

I'm using proxy_set_header Host $host in the http{} section.
A workaround was to use:
proxy_set_header Host $server_name;
or
proxy_set_header Host $http_host;
directly in the https server.

Here is the config I'm using with nginx 0.5.16:
______________________________
worker_processes  1;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
  worker_connections  1024;
}

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format main '$server_name $remote_addr - $remote_user [$time_local] '
        '"$request" $status $body_bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '$connection "$pipe" "$request_time"';

  server_names_hash_bucket_size 64;

  access_log  /var/log/nginx/access.log;
  client_header_timeout  3m;
  client_body_timeout    3m;
  send_timeout           3m;

  client_header_buffer_size    1k;
  large_client_header_buffers  4 4k;

  gzip on;
  gzip_min_length  400;
  gzip_buffers     4 8k;
  gzip_types       text/plain text/css application/x-javascript image/icon;

  output_buffers   1 32k;
  postpone_output  1460;

  sendfile         on;
  tcp_nopush       on;
  tcp_nodelay      on;

  keepalive_timeout  75 20;

  map_hash_bucket_size   64;
  map  $http_host  $name  {
    include /etc/nginx/vhosts.conf;
  }

  proxy_set_header Host             $host;
  proxy_set_header X-Real-IP        $remote_addr;
  proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

  client_max_body_size       10m;
  client_body_buffer_size    128k;

  client_body_temp_path      /var/lib/nginx/client_body_temp;

  proxy_connect_timeout      90;
  proxy_send_timeout         90;
  proxy_read_timeout         90;

  proxy_buffer_size          4k;
  proxy_buffers              8 32k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;

  proxy_temp_path            /var/lib/nginx/proxy_temp;


  ... various server directives

  # HTTPS server
  #
  # TLS front end for www.domain.com: serves static files from the document
  # root and proxies *.php requests to the backend on 127.0.0.1.
  server {
    # "default" makes this server answer every request arriving on this
    # address:port, whatever Host header the client sends.
    listen       111.222.333.444:443 default deferred backlog=1024;
    server_name  www.domain.com;

    access_log  /var/log/nginx/access.log main;

    ssl                  on;
    ssl_session_timeout  5m;

    # NOTE(review): SSLv2 and SSLv3 are enabled here. Both are obsolete
    # (RFC 6176 prohibits SSLv2, RFC 7568 deprecates SSLv3) and should be
    # dropped in favour of the newest TLS versions the build supports.
    ssl_protocols SSLv2 SSLv3 TLSv1;
    # NOTE(review): in OpenSSL cipher-string syntax a leading "+" only moves
    # suites to the end of the list. "+SSLv2" and "+EXP" therefore keep SSLv2
    # and export-grade suites enabled; "!EXPORT56" removes only the 56-bit
    # export suites. RC4 is also preferred explicitly. Use "!" to exclude.
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    ssl_certificate      /etc/ssl/www.domain.com.crt;
    ssl_certificate_key  /etc/ssl/www.domain.com.key;

    # Static content. A request for "/" resolves to index.php, which nginx
    # handles as an internal redirect to /index.php; that URI is then matched
    # by the \.php$ location below (see the debug log).
    location / {
      root   /var/www/www.domain.com;
      index  index.php index.html index.htm;
    }

    # PHP requests are proxied to the backend on 127.0.0.1.
    # NOTE(review): this location defines its own proxy_set_header lines.
    # nginx documents that such directives are inherited from an outer level
    # only when the current level defines none, so the http{}-level
    # "Host $host" presumably does not apply here and Host falls back to the
    # proxy_pass host - consistent with "Host: 127.0.0.1" in the log.
    # An explicit Host line here restores it. $server_name is the fixed
    # configured name; $http_host forwards the client's Host header verbatim,
    # which this "default" server accepts for any value.
    location ~* \.php$ {
      proxy_pass http://127.0.0.1;
      proxy_set_header X_FORWARDED_PROTO https;
      proxy_set_header HTTP_X_FORWARDED_PROTO https;
      proxy_set_header HTTPS  on;
      proxy_redirect default;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
      root   /var/www/nginx-default;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
      deny  all;
    }
  }
  ... various server directives
}
----------------------------------------------------------------------------------

Here is the debug log, slightly edited:
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http request line: "GET /?t=buypower HTTP/1.1"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http uri: "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http args: "t=buypower"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http exten: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http process request header line
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Host: www.domain.com"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept-Language: de,en;q=0.7,en-us;q=0.3"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept-Encoding: gzip,deflate"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Keep-Alive: 300"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Connection: keep-alive"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Referer: http://www.daysofwonder.com/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Cookie: dow_session_1028012093=XYZ; frm_referer_id=23737;
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header done
2007/05/15 09:58:14 [debug] 4552#0: *4048677 event timer del: 41: 2395034937
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 0
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 1
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location for "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: = "/50x.html"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: ~ "\.php$"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: ~ "/\.ht"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 using configuration "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http cl:-1 max:10485760
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 3
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post rewrite phase: 4
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 5
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 6
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 7
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 8
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post access phase: 9
2007/05/15 09:58:14 [debug] 4552#0: *4048677 content phase: 10
2007/05/15 09:58:14 [debug] 4552#0: *4048677 open index "/var/www/www.domain.com/index.php"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 add cleanup: 08185FF0
2007/05/15 09:58:14 [debug] 4552#0: *4048677 internal redirect: "/index.php?t=buypower"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 1
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location for "/index.php"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: = "/50x.html"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: ~ "\.php$"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 using configuration "\.php$"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http cl:-1 max:10485760
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 3
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post rewrite phase: 4
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 5
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 6
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 7
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 8
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post access phase: 9
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http init upstream, client timer: 0
2007/05/15 09:58:14 [debug] 4552#0: *4048677 epoll add event: fd:41 op:3 ev:80000005
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script var: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept-Language: de,en;q=0.7,en-us;q=0.3"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept-Encoding: gzip,deflate"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Referer: http://www.domain.com/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Cookie: dow_session_1028012093=XYZ; frm_referer_id=23737;
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header:
"GET /?t=buypower HTTP/1.0
X_FORWARDED_PROTO: https
HTTP_X_FORWARDED_PROTO: https
HTTPS: on
Host: 127.0.0.1
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: de,en;q=0.7,en-us;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://www.domain.com/
Cookie: dow_session_1028012093=XYZ; frm_referer_id=23737;

"

Thanks,





