Nginx Rewrite for Proxy Pass

Hello everyone, I have an interesting issue. I am using nginx 1.6.0 to
proxy back to my Jira instance. This is working great within my
network.
This is the issue. I am using a fortigate device to protect my network
and
I want to use the https connection in the web portal to access my Jira
instance. The problem is that jira always expects a
https://jira.internal.example.com, because that is what is set in it’s
base
url. The fortigate sends this to nginx:

https://vpn.example.com/proxy/https/jira.internal.example.com/secure/Dashboard.jspa

Jira see’s this as an incorrect path and causing it to not properly. I
am
wanting to know is there a way to rewrite the path that the fortigate is
sending to nginx so that jira believe’s its correct. Thanks!

Brent

On 30 May 2014 16:55, bwellsnc [email protected] wrote:

Hello everyone, I have an interesting issue. I am using nginx 1.6.0 to
proxy back to my Jira instance. This is working great within my network.
This is the issue. I am using a fortigate device to protect my network and
I want to use the https connection in the web portal to access my Jira
instance. The problem is that jira always expects a
https://jira.internal.example.com, because that is what is set in it’s base
url. The fortigate sends this to nginx:

https://vpn.example.com/proxy/https/jira.internal.example.com/secure/Dashboard.jspa

I think someone configured your firewall wrongly. That’s not just a
device’s specific quirk - if someone sold a device that did that
andonlythat then they’d go out of business. Fix the
misconfiguration.

Jira see’s this as an incorrect path and causing it to not properly. I am
wanting to know is there a way to rewrite the path that the fortigate is
sending to nginx so that jira believe’s its correct. Thanks!

Not tested, but should push you in the right direction:

resolver some.internal.resolver.ip;
rewrite ^/proxy/https/jira.internal.example.com/(.*)$ /$1;
proxy_set_header Host jira.internal.example.com;
proxy_pass https://jira.internal.example.com;

But don’t do that. Fix your wrongly configured other device.

J

On Fri, May 30, 2014 at 11:55:32AM -0400, bwellsnc wrote:

Hi there,

This is the issue. I am using a fortigate device to protect my network and
I want to use the https connection in the web portal to access my Jira
instance. The problem is that jira always expects a
https://jira.internal.example.com, because that is what is set in it’s base
url. The fortigate sends this to nginx:

https://vpn.example.com/proxy/https/jira.internal.example.com/secure/Dashboard.jspa

According to the proxy_pass documentation,

location ^~ /proxy/https/jira.internal.example.com/ {
proxy_pass https://[jira hostname or ip]/;
proxy_set_header Host jira.internal.example.com;
}

should do what you seem to be asking for. (Replace [this bit].)

But I’m not aware of any proxy/firewall devices that do what you say
your
fortigate is doing. So it may not end up doing what you actually want.

f

Francis D. [email protected]

J, It’s not a misconfigured device, that is how fortinet does it’s
webportal vpn access to internal websites. Talked to fortinet, that’s
how
it works. Francis, I will look at that. Thanks for your help!

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs