Rev. Proxy with SSL: IE/Safari/Chrome ok; FF fails


after playing around for hours I would like to request some help.
What I want: ssl reverse_proxy to alfresco/tomcat backend.
client<–ssl–>nginx<–http–>backend (1-n)
I was able to setup it up so it works for IE9/Safari 5.1.5/ Chrome
18.0.x and older Firefox like 3.6.X
Login works for Alfresco Share and Alfresco Explorer with these
With FF 9 or12 only Alf Explorer does, Share Login returns immediately
to login page.
I’ve tried numerous configs but can’t get it to work.
nginx versions 1.2.0 and 1.0.5

user www-data;
worker_processes 2;

error_log /var/log/nginx/debug.log debug;
pid /var/run/;
events {
worker_connections 1024;
use epoll;
accept_mutex off;

http {
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;

sendfile on;
tcp_nopush on;
keepalive_timeout 65;

reverse proxy options

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


client_body_buffer_size 128K;
client_max_body_size 100M;
client_header_buffer_size 1M;
large_client_header_buffers 8 8k;


client_body_timeout 600;
client_header_timeout 60;
expires 24h;
send_timeout 60;


gzip compression options

gzip on;
gzip_http_version 1.0;
gzip_comp_level 6;
gzip_min_length 0;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript
application/xml application/xml+rss application/javascript
gzip_disable “MSIE [1-6].”;
gzip_vary on;

include /etc/nginx/sites-enabled/*.conf;


alfresco-8.conf (the only one in sites-enabled):
server {
listen 80;
server_name alfresco-8.hosts.local;

access_log /var/log/nginx/alfresco-8.access.log;
error_log  /var/log/nginx/alfresco-8.error.log debug;

return 301 https://alfresco-8.hosts.local$request_uri;


Doesn’t matter if these lines are active or not

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

server {
listen 443;
server_name alfresco-8.hosts.local;
keepalive_timeout 70;

access_log /var/log/nginx/alfresco-8.access.log;
error_log  /var/log/nginx/alfresco-8.error.log debug;

ssl on;
ssl_certificate      /etc/nginx/keys/staging/ssl-unified.crt;
ssl_certificate_key  /etc/nginx/keys/staging/ssl.key;

location / {
   deny all;
location /alfresco/ {
location /share/ {


BTW: Is it necessary to have port 80 active and a rewirte/return
directive in the specific section? Doesn’t it work without port 80
Wasn’t able to get it to work, because nginx returns always http - URI.

Best Regards

Posted at Nginx Forum: