Forum: NGINX Problem with http/https interoperation

8b660ec73f4c82689fead282d340346e?d=identicon&s=25 Benimaur Gao (Guest)
on 2014-04-21 10:14
(Received via mailing list)
Hello, all

    I have a web application, which use nginx as frontend reverse-proxy
sever. It's configured to use https to interact with user agent. Several
tomcats are used as backend application servers. The connection between
nginx and tomcats is http. The network structure is illustrated as
following:

    Browser -- https --> nginx --- http --> tomcat1
                                            \-- http --> tomcat2

    The normal request works ok. Problem comes when my program  returns
302/Redirection to user agent. Since tomcat has no idea about https'
environment, the location field in http response header is set as:
"Location: http://redirect.url.com". After receiving that, the browser
will
launch subsequent requests through http.

    Now I overcome this by redirecting all requests towards 80 to 443:

    server{
        listen 80;

        server_name  *.url.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    but this method has two obvious defects:
    1. the first request launch by use agent is still http, which will
incur security.
    2. nginx rewrite module works by returning 301/Move Permanently, I
think too much redirection between user agent and my application will
result in poor efficiency.

    I wonder if there is some ready-made module to manipulate the 302
Location header, or any other better ways to workaround this problem.
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-04-21 13:00
(Received via mailing list)
Hello!

On Mon, Apr 21, 2014 at 04:14:18PM +0800, Benimaur Gao wrote:

>
>     The normal request works ok. Problem comes when my program  returns
> 302/Redirection to user agent. Since tomcat has no idea about https'
> environment, the location field in http response header is set as:
> "Location: http://redirect.url.com". After receiving that, the browser will
> launch subsequent requests through http.

[...]

>     I wonder if there is some ready-made module to manipulate the 302
> Location header, or any other better ways to workaround this problem.

http://nginx.org/r/proxy_redirect

--
Maxim Dounin
http://nginx.org/
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.