NGINX: Reverse Proxy (SSL) with non-ssl backend
Steve Wilson
lists-nginx at swsystem.co.uk
Wed May 28 23:14:48 UTC 2014
It's late and I'm about to go to bed so I've not checked the docs on
this but ...
add_header Front-End-Https on;
I suspect this is meant to be proxy_add_header and meant so php can
detect the client is accessing via https.
If my memory is correct on this it's likely that php could be sending a
redirect (302) to https:... which your browser's following, hence the
seeming page refresh.
It might be worth creating a php page with the magical <?phpinfo()?> and
accessing it through nginx and apache to see if there's anything
obvious, and the "Front-End-Https" header when through nginx.
Steve.
On 26/05/2014 10:11, Nelson Manuel Marques wrote:
>
> Hi,
>
> I currently run a small system which consists on an Apache HTTP with PHP (8080) backend (no SSL on localhost) with a Varnish HTTP accelerator on Port 9000 (localhost) and a NGINX reverse proxy (SSL).
>
> I am facing a small issue with this setup, mainly, when I select checkboxes and friends and hit submit (ex; application setup) nothing happens… Boxes get unticket and I remain in the same screen. If bind Apache or Varnish on all interfaces and hit their ports directly, everything works. I believe this might be an issue with my nginx setup.
>
> My nginx configuration (vhost, nginx.conf is the default):
>
>
>
> server {
> listen 80;
> server_name foobar.local;
> return 301 https://foobar.local/$request_uri;
> }
>
> server {
> listen 443 ssl;
> server_name foobar.local;
> # virtual host error and access logs in /var/log/nginx
> access_log /var/log/nginx/foobar.local-access.log;
> error_log /var/log/nginx/foobar.local.vm-error.log;
> # gzip compression configuration
> gzip on;
> gzip_comp_level 7;
> gzip_min_length 1000;
> gzip_proxied any;
> # SSL configuration; generated cert
> keepalive_timeout 60;
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DS
> S;
> ssl_certificate /etc/nginx/certs/self-ssl.crt;
> ssl_certificate_key /etc/nginx/certs/self-ssl.key;
> ssl_session_cache shared:SSL:5m;
> ssl_session_timeout 5m;
> ssl_prefer_server_ciphers on;
>
> client_max_body_size 2M;
>
> location / {
> proxy_pass http://127.0.0.1:8080/;
> add_header Front-End-Https on;
> proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
> #proxy_set_header Accept-Encoding "";
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> allow all;
> proxy_ignore_client_abort on;
> proxy_redirect off;
> }
> }
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
More information about the nginx
mailing list