NGINX: Reverse Proxy (SSL) with non-ssl backend

Steve Wilson lists-nginx at swsystem.co.uk
Wed May 28 23:14:48 UTC 2014


It's late and I'm about to go to bed so I've not checked the docs on
this but ...

add_header                 Front-End-Https   on;

I suspect this is meant to be proxy_add_header and meant so php can
detect the client is accessing via https.

If my memory is correct on this it's likely that php could be sending a
redirect (302) to https:... which your browser's following, hence the
seeming page refresh.

It might be worth creating a php page with the magical <?phpinfo()?> and
accessing it through nginx and apache to see if there's anything
obvious, and the "Front-End-Https" header when through nginx.

Steve.

On 26/05/2014 10:11, Nelson Manuel Marques wrote:
> 
> Hi,
> 
> I currently run a small system which consists of an Apache HTTP with PHP (8080) backend (no SSL on localhost) with a Varnish HTTP accelerator on Port 9000 (localhost) and an NGINX reverse proxy (SSL).
> 
> I am facing a small issue with this setup, mainly, when I select checkboxes and friends and hit submit (e.g. application setup) nothing happens… Boxes get unticked and I remain in the same screen. If I bind Apache or Varnish on all interfaces and hit their ports directly, everything works. I believe this might be an issue with my nginx setup.
> 
> My nginx configuration (vhost, nginx.conf is the default):
> 
> 
> 
> server {
>     listen                80;
>     server_name           foobar.local;
>     return 301            https://foobar.local/$request_uri;
> }
> 
> server {
>     listen                443 ssl;
>     server_name           foobar.local;
>     # virtual host error and access logs in /var/log/nginx
>     access_log            /var/log/nginx/foobar.local-access.log;
>     error_log             /var/log/nginx/foobar.local.vm-error.log;
>     # gzip compression configuration
>     gzip                  on;
>     gzip_comp_level       7;
>     gzip_min_length       1000;
>     gzip_proxied          any;
>     # SSL configuration; generated cert
>     keepalive_timeout     60;
>     ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>     ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>     ssl_certificate       /etc/nginx/certs/self-ssl.crt;
>     ssl_certificate_key   /etc/nginx/certs/self-ssl.key;
>     ssl_session_cache     shared:SSL:5m;
>     ssl_session_timeout   5m;
>     ssl_prefer_server_ciphers  on;
> 
>     client_max_body_size 2M;
> 
>     location / {
>         proxy_pass                 http://127.0.0.1:8080/;
>         add_header                 Front-End-Https   on;
>         proxy_next_upstream        error timeout invalid_header http_500 http_502 http_503 http_504;
>         #proxy_set_header           Accept-Encoding   "";
>         proxy_set_header           Host            $http_host;
>         proxy_set_header           X-Real-IP       $remote_addr;
>         proxy_set_header           X-Forwarded-For $proxy_add_x_forwarded_for;
>         allow     all;
>         proxy_ignore_client_abort on;
>         proxy_redirect             off;
>     }
> }
> 
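
An added example, not part of either message in this thread: the `location` block from the quoted vhost, reduced to its header handling, with the response-side `add_header` shown beside `proxy_set_header`, which is the nginx directive that sets request headers passed to the upstream. The `X-Forwarded-Proto` line is an assumption about what the application may read; the thread only mentions `Front-End-Https`.

```nginx
location / {
    proxy_pass        http://127.0.0.1:8080/;

    # As posted: add_header appends a field to the RESPONSE that nginx
    # returns to the browser. The Apache/PHP backend never receives it.
    # add_header      Front-End-Https   on;

    # Request-side equivalent: sent to the upstream with every proxied
    # request. PHP sees it as $_SERVER['HTTP_FRONT_END_HTTPS'].
    proxy_set_header  Front-End-Https   on;

    # Assumption (not from the thread): many applications look at this
    # header instead. $scheme is "https" inside the 443 ssl server block.
    proxy_set_header  X-Forwarded-Proto $scheme;

    # Unchanged from the quoted configuration.
    proxy_set_header  Host              $http_host;
    proxy_set_header  X-Real-IP         $remote_addr;
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
}
```

`proxy_set_header` replaces any value the client sent for the same header, so the backend can rely on these fields only while it stays reachable solely through the proxy, as with the 127.0.0.1 binding described in the original message.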


