Nginx as reverse proxy to Hudson-Logout issue

Hello list,

I have configured nginx as a reverse proxy to our hudson build server as
follows:

[b]server {
listen 80;
server_name koala.proxy.internal;

location /hudson/ {
proxy_pass http://build.example.com/hudson/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
proxy_redirect off;
}[/b]

The backend hudson server is configured to authenticate users with
Active Directory using
the hudson active directory plugin.

Everything works fine, except that when I click the logout button,
nothing happens, and
I am still logged in, wheras the expected behaviour is, I should be
logged out and taken
to the login page.

The request and response headers in firebug show these:

Response:

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 01 Sep 2010 02:40:57 GMT
Connection: keep-alive
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=""; Path=/hudson
Location: http://koala.proxy.internal/hudson/
Content-Length: 0
Expires: Thu, 02 Sep 2010 02:40:57 GMT
Cache-Control: max-age=86400

Request:

GET /hudson/logout HTTP/1.1
Host: koala.proxy.internal
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8)
Gecko/20100722 Firefox/3.6.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://koala.proxy.internal/hudson/people/
Cookie: screenResolution=1280x720;
JSESSIONID=8957FA425BC89DE784266DAACAD45135

Below are the headers from the hudson server, when I access it directly
and click the logout
button:

Response:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: 0
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 01 Sep 2010 05:00:33 GMT

Request:

GET /hudson/login?from=%2Fhudson%2F HTTP/1.1
Host: build.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8)
Gecko/20100722 Firefox/3.6.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://build.example.com/hudson/
Cookie: screenResolution=1280x720;
JSESSIONID=105C0A7031B817E0321336310FC8D6E1

As I understand from the headers,when I click logout, the GET request
should be for “/hudson/login?from=%2Fhudson%2F”
and not for “/hudson/logout” as is happening through the reverse proxy.

I have tried many things to get it working but to no avail.Would really
appreciate if someone
could guide me here.

Thanks,
Mogaroy

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,125909,125909#msg-125909

For anyone who may be facing similar issues, I solved my problem by
adding 'add_header Pragma “no-cache”’ to my configuration.

http://agiletesting.blogspot.com/2010/06/commong-nginx-configuration-options.html

Thanks,
Mogaroy

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,125909,127855#msg-127855

On Tue, Sep 07, 2010 at 01:54:54AM -0400, mogaroy wrote:

For anyone who may be facing similar issues, I solved my problem by
adding 'add_header Pragma “no-cache”’ to my configuration.

http://agiletesting.blogspot.com/2010/06/commong-nginx-configuration-options.html

“Pragma: no-cache” is a client request header line.
Although I saw an advise to add this line to a response many times,
I’m not sure that browser or transient proxy server understands
the header line in the response.


Igor S.
http://sysoev.ru/en/

Right Igor, checking further, found that the above solution works well
with Firefox but not with IE.
Any help please?

Thanks,
Mogaroy

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,125909,127861#msg-127861

Fixed it for IE as well with this:

add_header Cache-Control “no-cache”;

Thanks,
Mogaroy

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,125909,127876#msg-127876

On Tue, Sep 07, 2010 at 03:54:55AM -0400, mogaroy wrote:

Fixed it for IE as well with this:

add_header Cache-Control “no-cache”;

Yes, this is right way.

However, this configuration is wrong:

location / {
root /var/www;
include cache-control.conf;
index index.html index.htm;
}

cache-control.conf:

default cache 1 day

expires +1d;

if ($request_uri ~* “^/services/.*$”) {
expires +0d;
add_header Pragma “no-cache”;
}

if ($request_uri ~* “^/(index.html)?$”) {
expires +1h;
}

It may work in some case and may not work in others.
It should be rewritten as:

root /var/www;
index index.html index.htm;

location = / {
expires +1h;
}

location = /index.html {
expires +1h;
}

location / {
index index.html index.htm;
expires +1d;
}

location /services/ {
index index.html index.htm;
expires -1;
}


Igor S.
http://sysoev.ru/en/

On Tue, Sep 07, 2010 at 12:21:37PM +0400, Igor S. wrote:

location / {
if ($request_uri ~* “^/services/.*$”) {

location / {
index index.html index.htm;
expires +1d;
}

location /services/ {
index index.html index.htm;
expires -1;
}

Indecies in locations are not needed since they are inherited from
the server level:

root /var/www;
index index.html index.htm;

location = / {
expires +1h;
}

location = /index.html {
expires +1h;
}

location / {
expires +1d;
}

location /services/ {
expires -1;
}


Igor S.
http://sysoev.ru/en/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs