Rev. Proxy with SSL: IE/Safari/Chrome ok; FF fails

ulus nginx-forum at nginx.us
Tue May 8 14:23:32 UTC 2012 

Hello,

after playing around for hours I would like to request some help.
What I want: ssl reverse_proxy to alfresco/tomcat backend.
client<--ssl-->nginx<--http-->backend (1-n)
I was able to setup it up so it works for IE9/Safari 5.1.5/ Chrome
18.0.x and older Firefox like 3.6.X
Login works for Alfresco Share and Alfresco Explorer with these
browsers.
With FF 9 or12 only Alf Explorer does, Share Login returns immediately
to login page.
I've tried numerous configs but can't get it to work.
nginx versions 1.2.0 and 1.0.5

nginx.conf:
user  www-data;
worker_processes  2;

error_log  /var/log/nginx/debug.log debug;
pid        /var/run/nginx.pid;
events {
  worker_connections  1024;
  use epoll;
  accept_mutex off;
}

http {
  server_names_hash_bucket_size 64;
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  error_log  /var/log/nginx/error.log;
  access_log  /var/log/nginx/access.log;

  sendfile       on;
  tcp_nopush     on;
  keepalive_timeout  65;

  # reverse proxy options
  proxy_redirect off;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# 20111213
  client_body_buffer_size     128K;
  client_max_body_size        100M;
  client_header_buffer_size   1M;
  large_client_header_buffers 8 8k;

 # Timeouts
  client_body_timeout   600;
  client_header_timeout 60;
  expires               24h;
  send_timeout          60;

# /20111213
# gzip compression options
  gzip on;
  gzip_http_version 1.0;
  gzip_comp_level 6;
  gzip_min_length 0;
  gzip_buffers 16 8k;
  gzip_proxied any;
  gzip_types text/plain text/css text/xml text/javascript
application/xml application/xml+rss application/javascript
application/json;
  gzip_disable "MSIE [1-6]\.";
  gzip_vary on;

  include /etc/nginx/sites-enabled/*.conf;

}

alfresco-8.conf (the only one in sites-enabled):
server {
    listen 80;
    server_name  alfresco-8.hosts.local;

    access_log /var/log/nginx/alfresco-8.access.log;
    error_log  /var/log/nginx/alfresco-8.error.log debug;

    return 301 https://alfresco-8.hosts.local$request_uri;
}

# Doesn't matter if these lines are active or not
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  10m;

server {
    listen 443;
    server_name  alfresco-8.hosts.local;
    keepalive_timeout    70;

    access_log /var/log/nginx/alfresco-8.access.log;
    error_log  /var/log/nginx/alfresco-8.error.log debug;

    ssl on;
    ssl_certificate      /etc/nginx/keys/staging/ssl-unified.crt;
    ssl_certificate_key  /etc/nginx/keys/staging/ssl.key;


    location / {
       deny all;
    }
    location /alfresco/ {
       proxy_pass         http://192.168.10.48:8080/alfresco/;
    }
    location /share/ {
       proxy_pass         http://192.168.10.48:8080/share/;
    }
}

BTW: Is it necessary to have port 80 active and a rewirte/return
directive in the specific section? Doesn't it work without port 80
config?
Wasn't able to get it to work, because nginx returns always http - URI.


Best Regards
 ulus

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,226177,226177#msg-226177

More information about the nginx mailing list