Redirect loop in combination with https and apache

Martijn Hodenpijl m.hodenpijl at 1hippo.com
Mon Dec 23 10:06:56 UTC 2013 

Hi,

We have a setup with tomcat/apache and nginx.

When a redirect occurs from the application from https to http, the nginx
gets trapped in a redirect loop.

In the apache configuration we have this setting:

<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
.... more mimetypes

The nginx configuration has this location

    location / {
        proxy_pass http://def-t-site1/;
        proxy_http_version 1.1;
        proxy_hide_header Expires;
        proxy_hide_header Last-Modified;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_cache http_def;
        proxy_cache_key $scheme://$host$uri$is_args$args;
        # proxy_cache_key "$scheme://$host$request_uri";
        proxy_cache_valid  200 302  10m;
        proxy_cache_valid  404      1m;
        add_header Cache-Control "public";
        add_header X-Cache-Status $upstream_cache_status;
        add_header X-Via $hostname;
    }

a similar setting we have for 443 port (https).

If we remove ExpiresDefault "access plus 1 month" from apache, the redirect
loop does not occur. The cache of nginx uses a TTL of 1 month after the
redirect occurs. This causes a redirect loop, since the https request is
cached as well.


So far, we tried several things
- proxy_cache_valid  200 301  0m;
No change in the TTL. The redirect loop is not solved, and the TTL is still
a month.

Then we tried to configure the expire headers in nginx. That solves the
redirect, but unfortunately
the expire headers are not set. We tried for instance:

if ($upstream_http_content_type ~ "image/jpeg") {
  expires 2m;
}

or
map $upstream_http_content_type $new_cache_control_header_val {
   default $upstream_http_cache_control;
   "~*image/jpeg" "max-age=120, must-revalidate";
}

but these settings did not have any effect on the TTL of the images.

So, is there a way to avoid the redirect loop and set the expire header per
mimetype in nginx ?

Thanks!



-- 
Martijn Gijsberti Hodenpijl
Web Developer Hippo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20131223/a52f70b7/attachment.html>

More information about the nginx mailing list