Quantcast
Channel: Nginx Forum - Nginx Mailing List - English
Viewing all articles
Browse latest Browse all 7229

Fwd: reverse proxy (3 replies)

$
0
0
Hi all,

I configured an nginx server as a reverse proxy few months ago. i have
apache server as a back end of the reverse proxy. Every thing worked
well until i start to use ssl.

When i try to redirect https://mydomain.com to https://www.mydomain.com it
gives me ssl untrusted error.

When i check HTTP_X_URL_SCHEME on backend server it shows only http.
Backend cannot understand if it is a http or https header.

How do i fix this?

below is my nginx vhost and back end apache vhost

server {
listen 443;
server_name mydomain.com www.mydomain.com;

access_log /var/log/nginx/mydomain.com.access.log;

ssl on;
ssl_certificate /home/ssl/mydomain.com.crt;
ssl_certificate_key /home/ssl/mydomain.com.pvk;

ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1;

ssl_session_cache shared:SSL:2m;

ssl_ciphers
DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

charset utf-8;
keepalive_timeout 70;

location / {
proxy_pass http://xx.xx.xx.xx:xx;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Url-Scheme $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;

proxy_buffer_size 4k;
}

##########################################################

DocumentRoot /path/
<Directory /path>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
RewriteEngine on
AddDefaultCharset utf-8
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.mydomain.com$1 [R=302,L]

RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteRule ^(.*)$ http://www.mydomain.com$1 [R=302,L]

RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
RewriteRule .* - [F]
RewriteRule ^(.*)$ index.php?route=$1 [L,QSA]

Order allow,deny
Allow from all
</Directory>

<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips xx.xx.xx.xx
</IfModule>

--
*Dinoosh Nikapitiya
IT Infrastructure Administrator
Mobile :- (077) 5 904 547*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Viewing all articles
Browse latest Browse all 7229

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>