Forum: NGINX NGINX: Reverse Proxy (SSL) with non-ssl backend

Be3901ff59c7bcdf9860d428cca7885a?d=identicon&s=25 Nelson Manuel Marques (Guest)
on 2014-05-26 11:12
(Received via mailing list)
Hi,

I currently run a small system which consists on an Apache HTTP with PHP
(8080) backend (no SSL on localhost) with a Varnish HTTP accelerator on
Port 9000 (localhost) and a NGINX reverse proxy (SSL).

I am facing a small issue with this setup, mainly, when I select
checkboxes and friends and hit submit (ex; application setup) nothing
happens Boxes get unticket and I remain in the same screen. If bind
Apache or Varnish on all interfaces and hit their ports directly,
everything works. I believe this might be an issue with my nginx setup.

My nginx configuration (vhost, nginx.conf is the default):



server {
    listen                80;
    server_name           foobar.local;
    return 301            https://foobar.local/$request_uri;
}

server {
    listen                443 ssl;
    server_name           foobar.local;
   # virtual host error and access logs in /var/log/nginx
    access_log            /var/log/nginx/foobar.local-access.log;
    error_log             /var/log/nginx/foobar.local.vm-error.log;
    # gzip compression configuration
    gzip                  on;
    gzip_comp_level       7;
    gzip_min_length       1000;
    gzip_proxied          any;
    # SSL configuration; generated cert
    keepalive_timeout     60;
    ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DS
S;
    ssl_certificate       /etc/nginx/certs/self-ssl.crt;
    ssl_certificate_key   /etc/nginx/certs/self-ssl.key;
    ssl_session_cache     shared:SSL:5m;
    ssl_session_timeout   5m;
    ssl_prefer_server_ciphers  on;

    client_max_body_size 2M;

    location / {
        proxy_pass                 http://127.0.0.1:8080/;
        add_header                 Front-End-Https   on;
        proxy_next_upstream        error timeout invalid_header http_500
http_502 http_503 http_504;
        #proxy_set_header           Accept-Encoding   "";
        proxy_set_header           Host            $http_host;
        proxy_set_header           X-Real-IP       $remote_addr;
        proxy_set_header           X-Forwarded-For
$proxy_add_x_forwarded_for;
        allow     all;
        proxy_ignore_client_abort on;
        proxy_redirect             off;
    }
}
36a8284995fa0fb82e6aa2bede32adac?d=identicon&s=25 Francis Daly (Guest)
on 2014-05-29 01:06
(Received via mailing list)
On Mon, May 26, 2014 at 10:11:27AM +0100, Nelson Manuel Marques wrote:

Hi there,

> I am facing a small issue with this setup, mainly, when I select checkboxes and
friends and hit submit (ex; application setup) nothing happens…

Can you rephrase this in the form of "I make this http request and I
get that http response but I expect this other http response"?

Or: what do the nginx logs say about how the incoming request was
handled?

  f
--
Francis Daly        francis@daoine.org
A22d31b5ab0fc6870e72a12be631e1ef?d=identicon&s=25 Steve Wilson (Guest)
on 2014-05-29 01:16
(Received via mailing list)
It's late and I'm about to go to bed so I've not checked the docs on
this but ...

add_header                 Front-End-Https   on;

I suspect this is meant to be proxy_add_header and meant so php can
detect the client is accessing via https.

If my memory is correct on this it's likely that php could be sending a
redirect (302) to https:... which your browser's following, hence the
seeming page refresh.

It might be worth creating a php page with the magical <?phpinfo()?> and
accessing it through nginx and apache to see if there's anything
obvious, and the "Front-End-Https" header when through nginx.

Steve.
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.