Reverse proxy redirection issue
Daniel Armando Rodriguez
drodriguez at unau.edu.ar
Mon Sep 20 14:01:59 UTC 2021
El 2021-09-19 22:08, Daniel Armando Rodriguez escribió:
> El 2021-09-19 04:00, Francis Daly escribió:
>> On Sat, Sep 18, 2021 at 09:16:28AM -0300, Daniel Armando Rodriguez
>> wrote:
>>> El 2021-09-18 05:03, Francis Daly escribió:
>>> > On Fri, Sep 17, 2021 at 10:24:44PM -0300, Daniel Armando Rodriguez
>>> > wrote:
>>
>> Hi there,
>>
>>> > if you do
>>> >
>>> > curl -i http://2.DOMAIN.edu.ar
>>> >
>>> > you get a http 301 redirect from nginx to https://1.DOMAIN.edu.ar (which
>>> > is not what you want).
>>> >
>>> > Is that correct?
>>>
>>> Yep, that was exactly the issu. And saying 'was' 'cause this morning
>>> everything is working like a charm. Without made any further
>>> modification I
>>> mean. Really don't know what have happened here, but glad to see it
>>> working
>>> as expected.
>>
>> Great that you have a config and setup that now does what you want :-)
>>
>> Now that is isn't broken, with no known changes, it's hard to guess
>> what might have been the problem. Maybe something restarted overnight,
>> or caches cleared, or something odd like that.
>>
>> Cheers,
>>
>> f
>
> Today I added a new domain, and the issue showed up again.
>
> curl -i http://4.DOMAIN.edu.ar
>
> Returns a redirect to https://4.DOMAIN.edu.ar
>
> But
>
> curl -i https://4.DOMAIN.edu.ar
>
> Returns a redirect to https://4.DOMAIN.edu.ar
>
> I really would like to understand why this happens.
>
> This is the output of nginx -T
>
> # configuration file /etc/nginx/sites-enabled/4.DOMAIN.edu.ar.conf:
> server {
> listen 80;
> server_name 4.DOMAIN.edu.ar;
> server_tokens off;
> # Don't show the nginx version number
>
> include /etc/nginx/snippets/location-letsencrypt.conf;
>
> return 301 https://$server_name$request_uri;
> }
>
> server {
> listen 443 ssl http2;
>
> server_name 4.DOMAIN.edu.ar;
> server_tokens off;
> # Don't show the nginx version number
>
> include /etc/nginx/snippets/location-letsencrypt.conf;
> include /etc/nginx/snippets/ssl-params.conf;
>
> ssl_certificate
> /etc/letsencrypt/live/4.DOMAIN.edu.ar/fullchain.pem;
> ssl_certificate_key
> /etc/letsencrypt/live/4.DOMAIN.edu.ar/privkey.pem;
>
> location / {
> proxy_http_version 1.1;
> #For Websockets and keepalive connections
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> #required when using Websockets
> proxy_set_header Host $host;
> #Contains:
> # hostname from the request line,
> # or hostname from the Host request header field,
> # or the server name matching a request.
> proxy_set_header X-Real-IP $remote_addr;
> #Forwards the real visitor remote IP address
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> #List containing the IP addresses of every server the client
> has been proxied through.
> proxy_set_header X-Forwarded-Proto $scheme;
> #When used inside an HTTPS server block,
> #each HTTP response from the proxied server is rewritten to
> HTTPS
> proxy_set_header X-Forwarded-Host $host;
> #Original host requested by the client
> proxy_set_header X-Forwarded-Port $server_port;
> #Original port requested by the client
> proxy_pass http://INTERNAL-IP/;
> }
>
> access_log /var/log/nginx/4.DOMAIN.edu.ar/access.log;
> error_log /var/log/nginx/4.DOMAIN.edu.ar/error.log;
>
> }
Gave a try adding
server {
listen 80;
return 444;
}
server {
listen 443;
return 444;
}
to prevent processing requests with undefined server names, but the
message was 'Connection closed'
More information about the nginx
mailing list