Proxy SSL redirects


#1

Hello all,

I have configured nginx-0.7.31 to proxy SSL requests (see config
below; and yes - I need SSL on the back-end as well as on the
front-end).

While it perfectly works for cia back-end, I have an issue with
paypal: the first request to https://ahchoo:2443/ redirects user to
https://www.paypal.com/.

Any suggestions on what have I missed?

nginx.conf:

worker_processes 1;
error_log logs/error.log debug;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

access_log  logs/access.log;

sendfile        on;
keepalive_timeout  65;

#gzip  on;

upstream paypal {
  server  www.paypal.com:443;
}
upstream cia {
  server  www.cia.gov:443;
}

server {
    listen       2443;
    server_name  ahchoo;

    ssl                  on;
    ssl_certificate      ssl/ahchoo.crt;
    ssl_certificate_key  ssl/ahchoo.key;

    location / {
        proxy_pass https://paypal;
        proxy_redirect    default;
    }
}

}


#2

On Thu, Jan 22, 2009 at 12:14:17AM +0200, Pavel Ivashkov wrote:

Any suggestions on what have I missed?

    ssl                  on;
    ssl_certificate      ssl/ahchoo.crt;
    ssl_certificate_key  ssl/ahchoo.key;

    location / {
        proxy_pass https://paypal;
        proxy_redirect    default;

You should either use

         proxy_pass      https://www.paypal.com/;
         proxy_redirect  default;

without upstream block, or

         proxy_pass      https://paypal;
         proxy_redirect  https://www.paypal.com/  /;

as
proxy_redirect default;

means in this case

         proxy_redirect  https://paypal   /;

#3

Hello Igor,

Thank you, that helped.

Thursday, January 22, 2009, 10:00:38 AM, you wrote:

IS> You should either use

IS> proxy_pass https://www.paypal.com/;
IS> proxy_redirect default;

IS> without upstream block, or

IS> proxy_pass https://paypal;
IS> proxy_redirect https://www.paypal.com/ /;

IS> as
IS> proxy_redirect default;

IS> means in this case

IS> proxy_redirect https://paypal /;