HTTPS - NGINX with Passenger webservers behind F5 load balancer

The setup looks like this:

                 LOAD BALANCER                       WEBSERVERS

                                            /---> NGINX(with Passenger)
          443  | F5 Load Balancer     |  80 |
USER <-------->| with SSL certificate |-----|---> NGINX(with Passenger)
               | installed            |     |
                                            \---> NGINX(with Passenger)

Communication between user and load balancer is going through
port 443 and between load balancer and webservers is going through
port 80.

What would be the correct nginx configuration for webservers, so they
don’t redirect https://… connections to http://…?

With this kind of config, I was able to force the Perl application to build
its internal links with https. If your links don’t have any scheme, then
the user’s browser will use the existing one.

Also, you should avoid rewrites with schemes on the nginx side.

i.e. rewrite ^ http://example.com/ permanent; should be avoided, because
it forces the use of http.

On Wed, Mar 9, 2011 at 9:48 PM, Vitaly T. wrote:

> With this kind of config, I was able to force the Perl application to build
> its internal links with https. If your links don’t have any scheme, then the
> user’s browser will use the existing one.
>
> Also, you should avoid rewrites with schemes on the nginx side.
>
> i.e. rewrite ^ http://example.com/ permanent; should be avoided, because
> it forces the use of http.

but you could also (and should) redirect to https instead?

-jf

Today Mar 9, 2011 at 14:39 Jarek Zmudzinski wrote:

> Communication between user and load balancer is going through
> port 443 and between load balancer and webservers is going through
> port 80.
>
> What would be the correct nginx configuration for webservers, so they
> don’t redirect https://… connections to http://…?

Rails honors the X-Forwarded-Proto header.
Try inserting it on the F5:
http://devcentral.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/aff/5/aft/26643/afv/topic/Default.aspx


WNGS-RIPE
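
Added example, not part of any post in this thread: one way to configure an nginx web server behind a TLS-terminating balancer so that it follows the two points made above (no scheme-bearing rewrites, scheme taken from X-Forwarded-Proto). The address 192.0.2.10, the name example.com, the application path, and the idea that the balancer also forwards plain-HTTP traffic marked "X-Forwarded-Proto: http" are placeholders and assumptions, not details from the thread.

```nginx
# Added example. Placeholders (not from the thread):
#   192.0.2.10            address the load balancer connects from
#   example.com           site name
#   /var/www/app/public   application's public directory

server {
    listen 80;
    server_name example.com;
    root /var/www/app/public;
    passenger_enabled on;

    # Accept connections only from the load balancer. X-Forwarded-Proto
    # is an ordinary request header; if clients could reach port 80
    # directly they could claim "https" over a cleartext connection.
    # The balancer itself should overwrite any value the client sent.
    allow 192.0.2.10;
    deny  all;

    # Redirects that nginx generates itself (for example when adding a
    # trailing slash) are sent as relative Location headers, so they
    # cannot switch the browser back to http://.
    # Requires nginx 1.11.8 or later.
    absolute_redirect off;

    # To avoid, as noted in the thread:
    #   rewrite ^ http://example.com/ permanent;
    # Any redirect that needs a scheme should name https explicitly.

    # Assumption: the balancer also accepts port 80 from users and
    # forwards it with "X-Forwarded-Proto: http". Those requests are
    # sent to https. Requests without the header (such as balancer
    # health checks) are not redirected.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

    # No extra directive is needed for the application: Passenger
    # passes request headers through, so Rails sees the
    # X-Forwarded-Proto value inserted by the balancer.
}
```

The web servers still listen only on port 80 and hold no certificate; the https redirect depends entirely on the header the balancer inserts.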

Jarek Zmudzinski wrote in post #986664:

> What I would like is for NGINX to listen for https:// on port 80, so that any
> https request to the F5 LB could still be taken care of by NGINX listening
> on port 80 without being redirected to http. But I am afraid it’s not
> possible.

Problem solved. It was an F5 configuration issue. NGINX doesn’t redirect
https:// on port 80 to http://.

Thanks.

Thanks for your follow up.


Regards, Vitaly T.
System A.
U.S. +1 (206) 905-9939
Russia +7 911 094-2035

Jeffrey Lim wrote in post #986479:

> but you could also (and should) redirect to https instead?

Yeah, but this way I would still have to set up nginx to listen on 443
and include ssl_certificate on the NGINX webservers. This would result in
secure communication on port 443 between the F5 LB and the NGINX webservers. I
don’t want that.

What I would like is for NGINX to listen for https:// on port 80, so that any
https request to the F5 LB could still be taken care of by NGINX listening
on port 80 without being redirected to http. But I am afraid it’s not
possible.

I hate to read this kind of thread, where the OP resolves the issue and
posts “Thanks! fixed”

You fixed it by doing what?

Explain, so others don’t need to ask it twice.

Thanks

Posted at Nginx Forum:

On Apr 6, 2011, at 11:11 PM, genarg wrote:

> I hate to read this kind of thread, where the OP resolves the issue and
> posts “Thanks! fixed”
>
> You fixed it by doing what?
>
> Explain, so others don’t need to ask it twice.

Agree!