upstream server are always redirected as https
Jonathan Matthews
contact at jpluscplusm.com
Fri Jun 29 13:59:44 UTC 2012
On 29 June 2012 08:10, henn1nk <nginx-forum at nginx.us> wrote:
> I am always redirect to https://mydomain .... How can i STOP this?
Nothing in the nginx config you posted is doing this. It's almost
certainly your application that's choosing to issue the redirect.
If I had to guess, I'd suggest that your app is redirecting you, a
non-logged-in user, to a login page, which it insists on serving over
HTTPS so your login creds can't get sniffed.
You can verify that it's the app that's doing this by either
* watching your app's (*not* nginx's) per-request logs and seeing a
301/302 get issued or
* doing a "curl -v" against the URI you're hitting in your browser,
and looking out for response headers that let you know it's definitely
app responding, not nginx (for example "X-Powered-By:", etc) or
* doing a "curl -v" against the app *directly*, without involving
nginx, and seeing the 301/302 get issued.
Something like that, anyway; I hope you get the idea.
To stop this being a problem, you either need to
* set up an SSL nginx server which informs the app that it's a secure
connection or
* lie to the app, and tell it that the HTTP connection is actually secure
* tell the app not to insist on an SSL login.
I'd suggest you do the first of these. The "X-Forwarded-Proto" header
may be your friend. Have a google.
HTH,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
More information about the nginx
mailing list