Too Many Redirects

billmanhillman nginx-forum at nginx.us
Sat Feb 2 15:34:53 UTC 2013 

Francis Daly Wrote:
-------------------------------------------------------
> On Fri, Feb 01, 2013 at 07:27:31PM -0500, billmanhillman wrote:
> 
> Hi there,
> 
> > I created another HTTP/1.1 connector in tomcat listening on another
> port
> > 8443. I then separated the server settings in nginx for both http
> and
> > https.
> > 
> > I had the http server def proxy_pass to http://localhost:8080
> > I had the https server def proxy_pass to http://localhost:8443
> > 
> > I also put headers notifying tomcat the request was coming from http
> or
> > https.
> 
> You changed the nginx config so that tomcat could be able to tell
> whether
> the original request was https or not.

Agreed.

> 
> Did you change the tomcat config so that it would recognise this
> signal,
> and would accept that "originally https" was enough to consider it
> as secure?

The connection is secured on the Nginx side. Tomcat should be able to handle
this since I'm just swapping out overblown apache for Nginx and it worked
fine on apache before switching to Nginx. I've tried X-Proxy-For and
X-Real-IP headers. Am I missing any other headers?

The Java Application to "tells" the container the request has entered a
secured area. I don't want to go down the road of creating Rewrites for
https since the config for the application will reside in the Nginx config
(bad practice).

> 
> > Still no dice. Redirect loops can't seem to be fixed.
> 
> It looks to me like the redirect loops are coming from tomcat, not
> nginx.
> 
> If you can't configure tomcat the way you want to, perhaps configuring
> nginx to proxy_pass to a https:// url when appropriate would be an
> adequate workaround, at least for testing purposes?

I tried proxy_pass with https:// before but I always get a Bad Gateway.

This is frustrating because I'm doing a write up for Nginx integration along
with other servers to help others like myself to have a step by step guide
for configuring reverse proxies and any flavor of application server
(Tomcat, Jetty, Geronimo, WebSphere, JBoss, etc...) for PCI compliance.
You'll simply download the .deb(debian only) and it will compile, install,
secure, configure, and add a new node if it's in a clustered environment.

I'm simply trying to get this right. Thanks for your help and suggestions.

> 
> 	f
> -- 
> Francis Daly        francis at daoine.org
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,235822,235853#msg-235853

More information about the nginx mailing list