Host header lost on internal redirect in SSL vhost ?
Brice Figureau
brice+nginx at daysofwonder.com
Tue May 15 16:14:39 MSD 2007
Hi,
It seems that when I address http://www.domain.com/?args to my nginx
front-end proxy (which proxies to apache), the Host header is not sent
to the upstream server as it should if the vhost is SSL enabled (I
couldn't reproduce it on a non ssl server).
In the log below, you can see that it uses Host: 127.0.0.1 even though
the client gave to the proxy Host: www.domain.com
I'm unsing proxy_set_header Host $host in the http{} section.
A workaround was to use:
proxy_set_header Host $server_name;
or
proxy_set_header Host $http_host;
directly in the https server.
Here is the config I'm using with nginx 0.5.16:
______________________________
worker_processes 1;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$server_name $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$connection "$pipe" "$request_time"';
server_names_hash_bucket_size 64;
access_log /var/log/nginx/access.log;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
gzip on;
gzip_min_length 400;
gzip_buffers 4 8k;
gzip_types text/plain text/css application/x-javascript image/icon;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
map_hash_bucket_size 64;
map $http_host $name {
include /etc/nginx/vhosts.conf;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_body_temp_path /var/lib/nginx/client_body_temp;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 8 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /var/lib/nginx/proxy_temp;
... various server directives
# HTTPS server
#
server {
listen 111.222.333.444:443 default deferred backlog=1024;
server_name www.domain.com;
access_log /var/log/nginx/access.log main;
ssl on;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/ssl/www.domain.com.crt;
ssl_certificate_key /etc/ssl/www.domain.com.key;
location / {
root /var/www/www.domain.com;
index index.php index.html index.htm;
}
location ~* \.php$ {
proxy_pass http://127.0.0.1;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header HTTPS on;
proxy_redirect default;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
... various server directives
}
----------------------------------------------------------------------------------
Here is the debug log, slightly edited:
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http request line: "GET /?t=buypower HTTP/1.1"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http uri: "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http args: "t=buypower"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http exten: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http process request header line
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Host: www.domain.com"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept-Language: de,en;q=0.7,en-us;q=0.3"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept-Encoding: gzip,deflate"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Keep-Alive: 300"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Connection: keep-alive"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Referer: http://www.daysofwonder.com/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header: "Cookie: dow_session_1028012093=XYZ; frm_referer_id=23737;
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http header done
2007/05/15 09:58:14 [debug] 4552#0: *4048677 event timer del: 41: 2395034937
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 0
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 1
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location for "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: = "/50x.html"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: ~ "\.php$"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: ~ "/\.ht"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 using configuration "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http cl:-1 max:10485760
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 3
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post rewrite phase: 4
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 5
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 6
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 7
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 8
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post access phase: 9
2007/05/15 09:58:14 [debug] 4552#0: *4048677 content phase: 10
2007/05/15 09:58:14 [debug] 4552#0: *4048677 open index "/var/www/www.domain.com/index.php"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 add cleanup: 08185FF0
2007/05/15 09:58:14 [debug] 4552#0: *4048677 internal redirect: "/index.php?t=buypower"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 1
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location for "/index.php"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: "/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: = "/50x.html"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 find location: ~ "\.php$"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 using configuration "\.php$"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http cl:-1 max:10485760
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 3
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post rewrite phase: 4
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 5
2007/05/15 09:58:14 [debug] 4552#0: *4048677 generic phase: 6
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 7
2007/05/15 09:58:14 [debug] 4552#0: *4048677 access phase: 8
2007/05/15 09:58:14 [debug] 4552#0: *4048677 post access phase: 9
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http init upstream, client timer: 0
2007/05/15 09:58:14 [debug] 4552#0: *4048677 epoll add event: fd:41 op:3 ev:80000005
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script var: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http script copy: ""
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept-Language: de,en;q=0.7,en-us;q=0.3"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept-Encoding: gzip,deflate"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Referer: http://www.domain.com/"
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header: "Cookie: dow_session_1028012093=XYZ; frm_referer_id=23737;
2007/05/15 09:58:14 [debug] 4552#0: *4048677 http proxy header:
"GET /?t=buypower HTTP/1.0
X_FORWARDED_PROTO: https
HTTP_X_FORWARDED_PROTO: https
HTTPS: on
Host: 127.0.0.1
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: de,en;q=0.7,en-us;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://www.domain.com/
Cookie: dow_session_1028012093=XYZ; frm_referer_id=23737;
"
Thanks,
More information about the nginx
mailing list