Hi all,
I configured an nginx server as a reverse proxy few months ago. i have
apache server as a back end of the reverse proxy. Every thing worked
well until i start to use ssl.
When i try to redirect https://mydomain.com to https://www.mydomain.com it
gives me ssl untrusted error.
When i check HTTP_X_URL_SCHEME on backend server it shows only http.
Backend cannot understand if it is a http or https header.
How do i fix this?
below is my nginx vhost and back end apache vhost
server {
listen 443;
server_name mydomain.com www.mydomain.com;
access_log /var/log/nginx/mydomain.com.access.log;
ssl on;
ssl_certificate /home/ssl/mydomain.com.crt;
ssl_certificate_key /home/ssl/mydomain.com.pvk;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1;
ssl_session_cache shared:SSL:2m;
ssl_ciphers
DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
charset utf-8;
keepalive_timeout 70;
location / {
proxy_pass http://xx.xx.xx.xx:xx;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Url-Scheme $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
}
##########################################################
DocumentRoot /path/
<Directory /path>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
RewriteEngine on
AddDefaultCharset utf-8
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.mydomain.com$1 [R=302,L]
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteRule ^(.*)$ http://www.mydomain.com$1 [R=302,L]
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
RewriteRule .* - [F]
RewriteRule ^(.*)$ index.php?route=$1 [L,QSA]
Order allow,deny
Allow from all
</Directory>
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips xx.xx.xx.xx
</IfModule>
--
*Dinoosh Nikapitiya
IT Infrastructure Administrator
Mobile :- (077) 5 904 547*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
I configured an nginx server as a reverse proxy few months ago. i have
apache server as a back end of the reverse proxy. Every thing worked
well until i start to use ssl.
When i try to redirect https://mydomain.com to https://www.mydomain.com it
gives me ssl untrusted error.
When i check HTTP_X_URL_SCHEME on backend server it shows only http.
Backend cannot understand if it is a http or https header.
How do i fix this?
below is my nginx vhost and back end apache vhost
server {
listen 443;
server_name mydomain.com www.mydomain.com;
access_log /var/log/nginx/mydomain.com.access.log;
ssl on;
ssl_certificate /home/ssl/mydomain.com.crt;
ssl_certificate_key /home/ssl/mydomain.com.pvk;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1;
ssl_session_cache shared:SSL:2m;
ssl_ciphers
DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
charset utf-8;
keepalive_timeout 70;
location / {
proxy_pass http://xx.xx.xx.xx:xx;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Url-Scheme $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
}
##########################################################
DocumentRoot /path/
<Directory /path>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
RewriteEngine on
AddDefaultCharset utf-8
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.mydomain.com$1 [R=302,L]
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteRule ^(.*)$ http://www.mydomain.com$1 [R=302,L]
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
RewriteRule .* - [F]
RewriteRule ^(.*)$ index.php?route=$1 [L,QSA]
Order allow,deny
Allow from all
</Directory>
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips xx.xx.xx.xx
</IfModule>
--
*Dinoosh Nikapitiya
IT Infrastructure Administrator
Mobile :- (077) 5 904 547*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx