Http, https issue


I am setting up my rails app to work with ginx and cluster mongrel.
Everything seems to be fine. But sometimes I get an error.
Investigating, the error ocurred always when something redirects to a
https:// like URL.
Investigating deeply I found out that this redirection occurs when the
acts_as_authenticated plugin in my app is “used”.
The thing is that this redirection is different when I access the app
directly via mongrel, see bellow.
My question is: what should make nginx redirect to a https instead of
http? So I can investigate better.


=== directly to mongrel
Processing TasksController#index (for at 2008-01-17
19:03:46) [GET]
Session ID: b1c5b09b7b0df57fc12710906ec6d149
Parameters: {“action”=>“index”, “controller”=>“tasks”}
Redirected to http://bbking:4662/account/login

=== through nginx
Processing TasksController#index (for at 2008-01-17 18:49:40)
Session ID: 66f58053fd6b885764e8f29f6d6f5fba
Parameters: {“action”=>“index”, “controller”=>“tasks”}
Redirected to https://bbking:8081/account/login

Please provide you nginx.conf file

Aníbal Rojas

Aníbal Rojas wrote:

Please provide you nginx.conf file


Just found out the problem

  # needed for HTTPS
  proxy_set_header  X-FORWARDED_PROTO https;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_redirect false;
  proxy_max_temp_file_size 0;

I removed these lines.



On Fri, Jan 18, 2008 at 10:54:13AM +0100, Ricardo A. wrote:

An??bal Rojas wrote:

Please provide you nginx.conf file



server {

port to listen on. Can also be set to an IP:PORT

listen 8081 default;
location / {
index index.html index.htm
# needed to forward user’s IP address to rails
proxy_set_header X-Real-IP $remote_addr;
# needed for HTTPS
proxy_set_header X-FORWARDED_PROTO https;

So you setting X-FORWARDER_PROTO header to ‘https’ for non-https
connection. Probably this is the reason why your app uses https://
in redirect.

Hint: if you want to preserve this lines identical between http
and https servers (e.g. for using identical include file or just
describing them at http{} level instead of doing so in location{}), you
may try using $scheme variable. I.e.:

  • proxy_set_header X-FORWARDED_PROTO https;
  • proxy_set_header X-FORWARDED_PROTO $scheme;

Maxim D.