Reverse proxy SSL subdomain

Tue Jul 8 14:45:30 UTC 2014

Hi,

We have heterogeneous applications e and need centralizing requests on
Nginx.

I´m trying use reverse proxy on a subdomain and redirect requests to Java
Glassfish. The problem occurs by default on listening subdomains. For
example:

server {
		listen 80;
        server_name  subdomainA.domain.com.br;
        charset utf-8;
		passenger_enabled  on;
		root /var/www/rails_apps/appA/public;

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

		location ~ ^/(assets)/  {
		  root /var/www/rails_apps/appA/public;
		  gzip_static on;
		  expires 30d;
		  add_header Cache-Control public;
		}
    }

	server {
		listen 80;
        server_name  domain.com.br www.domain.com.br;
        charset utf-8;
		passenger_enabled  on;
		root /var/www/rails_apps/domain/public;

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

		location ~ ^/(assets)/  {
		  root /var/www/rails_apps/domain/public;
		  gzip_static on;
		  expires 30d;
		  add_header Cache-Control public;
		}
    }

Works fine! When access htttp://subdomainA.domain.com.br access app =>
/var/www/rails_apps/appA/public and http://www.domain.com.br access app =>
/var/www/rails_apps/domain/public.

But, if i'll trying use config bellow:

server {
		### server port and name ###
		listen 80;
		listen 443 ssl;
		ssl on;
		server_name sudomainB.domain.com.br;

		### SSL log files ###
		access_log      logs/ssl-access.log;
		error_log       logs/ssl-error.log;

		### SSL cert files ###
		ssl_certificate /opt/nginx/ssl/sudomainB.domain.com.br.crt;	
        ssl_certificate_key /opt/nginx/ssl/sudomainB.domain.com.br.key; 

		### Add SSL specific settings here ###

		ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers RC4:HIGH:!aNULL:!MD5;
		ssl_prefer_server_ciphers on;
		keepalive_timeout    60;
		ssl_session_cache    shared:SSL:10m;
		ssl_session_timeout  10m;

		### We want full access to SSL via backend ###
		location / {
	 		### force timeouts if one of backend is died ##
			proxy_next_upstream error timeout invalid_header http_500 http_502
http_503 http_504;

			### Set headers ####
			proxy_set_header        Accept-Encoding   "";
			proxy_set_header        Host            $host;
			proxy_set_header        X-Real-IP       $remote_addr;
			proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

			### Most PHP, Python, Rails, Java App can use this header ###
			#proxy_set_header X-Forwarded-Proto https;
			#This is better##
			proxy_set_header        X-Forwarded-Proto $scheme;
			add_header              Front-End-Https   on;

			### By default we don't want to redirect it ####
			proxy_redirect     off;

			proxy_pass  http://GLASSFISH_IP;
		}
	}

When access https://sudomainB.domain.com.br i´m get an Timeout Connection.
But, if i'm trying access https://domain.com.br, works fine and i redirected
to glassfissh root app.

Why HTTPS://subdomainB.domain.com.br doesn't work?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251551,251551#msg-251551