Nginx https rewrite turns POST to GET
Jonathan Matthews
contact at jpluscplusm.com
Tue Oct 2 21:09:25 UTC 2012
On Oct 2, 2012 9:44 PM, "jwxie" <nginx-forum at nginx.us> wrote:
>
> My proxy server runs on ip A and this is how people access my web service.
> The nginx configuration will redirect to a virtual machine on ip B.
>
> For the proxy server on IP A, I have this in my sites-available
>
> server {
> listen 443;
> ssl on;
> ssl_certificate nginx.pem;
> ssl_certificate_key nginx.key;
>
> client_max_body_size 200M;
> server_name localhost 127.0.0.1;
> server_name_in_redirect off;
>
> location / {
> proxy_pass http://10.10.0.59:80;
> proxy_redirect http://10.10.0.59:80/ /;
>
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> }
>
> }
>
> server {
> listen 80;
> rewrite ^(.*) https://$http_host$1 permanent;
> server_name localhost 127.0.0.1;
> server_name_in_redirect off;
> location / {
> proxy_pass http://10.10.0.59:80;
> proxy_redirect http://10.10.0.59:80/ /;
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> }
> }
>
> The proxy_redirect was taken from how do I get nginx to forward HTTP POST
> requests via rewrite?
>
> Everything that hits the public IP will hit 443 because of the rewrite.
> Internally, we are forwarding to 80 on the virtual machine.
>
> But when I run a python script such as the one below to test our
> configuration
>
> import requests
>
> data = {'username': '....', 'password': '.....'}
> url = 'http://IP_A/api/service/signup'
>
> res = requests.post(url, data=data, verify=False)
> print res
> print res.json
> print res.status_code
> print res.headers
>
> I am getting a 405 Method Not Allowed. In nginx we found that when it hit
> the internal server, the internal nginx was getting a GET request, even
> though in the original header we did a POST (this was shown in the Python
> script).
>
> So it seems like rewrite has problem.
Rewrite has no problem. It doesn't dictate a verb that the client should
use. The user-agent you're using is choosing to do this, possibly
correctly, upon receipt of the 301 response.
Have a read of the 301, 302, 303, 307 and 308 sections here for more
information:
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#3xx_Redirection
Your options appear to be to use an experimental response code, or to
enforce that clients POST to the correct port. I'd choose the latter if at
all possible.
Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20121002/463eac4e/attachment-0001.html>
More information about the nginx
mailing list