Problem with 'Host' http header when using ssl

addis_a · November 5, 2014, 6:04pm

I’m using Nginx as reverse proxy with SSL termination. The J2EE
application
that is behind it sometimes uses host information to create URLs for
popup
windows. Right now it inserts name of my upstream into URL and popup
windows
are not launched (obviously). I understand that i have to fill ‘Host’
header
with appropriate value. So I tried to use
proxy_set_header Host $host;
inside my ‘location’ block. It works perfectly when I’m connecting over
http. By when I’m connection over https it doesn’t work (even more - all
pages are not available).
My configuration:
upstream BE {
ip_hash;
server … max_fails=1 fail_timeout=300s;
server … max_fails=1 fail_timeout=300s;
}

server {
listen 443 ssl;
server_name localhost;

location / {
proxy_pass http://BE;
# proxy_redirect off;

  #proxy_set_header X-Forwarded-Proto https;
  #proxy_set_header        X-Real-IP       $remote_addr;
  #proxy_set_header        X-Forwarded-For

$proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
}

I found this post

but it is not resolved.

Regards,
Ivan

Posted at Nginx Forum:

Ivan_Artyukhin · November 5, 2014, 6:06pm

As soon as I uncomment ‘# proxy_set_header Host $host;’ line it stops
working. All other headers don’t matter

Posted at Nginx Forum:

Ivan_Artyukhin · November 5, 2014, 6:48pm

With such backends you need to tell the backend that the origin is
https,
otherwise it will ‘think’ its serving http since it is unaware of a
proxy.

ea.

<!-- This connector is for normal HTTP connections -->
<Connector port="8080" protocol="HTTP/1.1"
           proxyPort="443"
           proxyName="domain.nl"

You might get away with a static set host value.

Posted at Nginx Forum:

Ivan_Artyukhin · November 5, 2014, 8:50pm

Backend correctly analyzes ‘host’ header. To check it I created simple
ServletFilter to ‘set’ this header and after it backend forms correct
URLs.
So my problem will be solved if I manage to set ‘host’ header in nginx
configuration. I’m still confused why I can set this header for non-SSL
port
and I can’t do it for SSL. What am I missing?

Regards,
Ivan

Posted at Nginx Forum:

Ivan_Artyukhin · November 5, 2014, 10:58pm

Ivan Artyukhin Wrote:

configuration. I’m still confused why I can set this header for
non-SSL port and I can’t do it for SSL. What am I missing?

Maybe its a SNI thing, see also

Posted at Nginx Forum: