Reverse proxy redirection issue
Daniel Armando Rodriguez
drodriguez at unau.edu.ar
Mon Sep 20 20:20:55 UTC 2021
El 2021-09-20 13:49, Francis Daly escribió:
> On Sun, Sep 19, 2021 at 10:08:08PM -0300, Daniel Armando Rodriguez
> wrote:
>> El 2021-09-19 04:00, Francis Daly escribió:
>
> Hi there,
>
>> Today I added a new domain, and the issue showed up again.
>>
>> curl -i http://4.DOMAIN.edu.ar
>>
>> Returns a redirect to https://4.DOMAIN.edu.ar
>
> Ok, so that much is doing what is wanted.
>
>> But
>>
>> curl -i https://4.DOMAIN.edu.ar
>>
>> Returns a redirect to https://4.DOMAIN.edu.ar
>
> And that is a redirect loop, which is not what you want.
>
> When you request https://4.DOMAIN.edu.ar, that should get to nginx,
> which should make a http request to INTERNAL_IP and return the
> response.
>
>> server {
>> listen 443 ssl http2;
>>
>> server_name 4.DOMAIN.edu.ar;
>
>> location / {
>> proxy_http_version 1.1;
>> #For Websockets and keepalive connections
>> proxy_set_header Upgrade $http_upgrade;
>> proxy_set_header Connection "upgrade";
>> #required when using Websockets
>> proxy_set_header Host $host;
> ...
>> proxy_pass http://INTERNAL-IP/;
>> }
>
> What response do you get if you start on the nginx server and run the
> command
>
> curl -v -H Host:4.DOMAIN.edu.ar http://INTERNAL-IP/
>
> ? I'm not sure if the Connection header will make a difference here;
> it is possible that some of the X- headers are specially handled by the
> internal server; and maybe adding --http1.1 to the curl command line
> will make a difference too.
>
> The aim is to see how the internal server responds, to see if there is
> an nginx-side config that can be made to make the end-user experience
> more useful.
>
>
>
> It is possible that the internal server logs, or the nginx debug log,
> could give more detail; but the "curl" command is probably relatively
> quick to run and interpret.
>
> Cheers,
>
> f
This is the output
# curl -v -H Host:4.DOMAIN.edu.ar http://INTERNAL-IP/
* Expire in 0 ms for 6 (transfer 0x56179d823c10)
* Trying INTERNAL-IP...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x56179d823c10)
* Connected to INTERNAL-IP (INTERNAL-IP) port 80 (#0)
> GET / HTTP/1.1
> Host:4.DOMAIN.edu.ar
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 20 Sep 2021 20:07:38 GMT
< Server: Apache/2.4.38
< X-Pingback: http://1.DOMAIN.edu.ar/xmlrpc.php
< X-Redirect-By: WordPress
< Location: https://1.DOMAIN.edu.ar/
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host INTERNAL-IP left intact
However, the same target machine hosts other services (each one with its
own subdomain: 1, 2 & 3) that also go through the proxy. And they work
as expected. Just to compare, this is the output.
# curl -v -H Host:2.DOMAIN.edu.ar http://INTERNAL-IP/
* Expire in 0 ms for 6 (transfer 0x55c30497ac10)
* Trying INTERNAL-IP...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55c30497ac10)
* Connected to INTERNAL-IP (INTERNAL-IP) port 80 (#0)
> GET / HTTP/1.1
> Host:2.DOMAIN.edu.ar
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 20 Sep 2021 20:12:01 GMT
< Server: Apache/2.4.38
< Set-Cookie: PHPSESSID=qujrksv6dbcf4t2pvf53judvnk; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 4364
< Content-Type: text/html; charset=UTF-8
More information about the nginx
mailing list