
NGINX is forwarding HTTPS traffic on some URLs incorrectly to HTTP on port 443

Server Fault Asked by ujjain on November 24, 2021

This is a Docker container with NGINX and Jenkins in the same container, running with supervisord. The Docker container is running behind an ELB in AWS ECS.

NGINX is supposed to forward traffic from http://jenkins to https://jenkins.

What happens is that traffic:

  • https://jenkins/computer/ –> goes to https ✅

  • https://jenkins/computer –> goes to http and port 443 ❌

Config:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /var/www/;
    index index.html index.htm;

    client_max_body_size 10M;

    server_name jenkins;
    ignore_invalid_headers    off;

    location / {
        allow vpnip/32;
        deny all;

        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://127.0.0.1:8080;
        proxy_read_timeout  90;
        proxy_redirect      http://127.0.0.1:8080 https://jenkins;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
        if ($http_x_forwarded_proto != "https") {
            rewrite ^(.*)$ https://$server_name$1 permanent;
        }
    }
}

Output:

https://jenkins/computer
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
302 Found
Date: Tue, 21 Jul 2020 13:35:47 GMT
Location: http://jenkins:443/computer/
Server: nginx
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: keep-alive

What could be the reasons that this happens?

One Answer

Assuming that you want to redirect HTTP to HTTPS, this is what I have as a config:

upstream jenkins {
  server jenkins:8080 fail_timeout=10;
}

server {
  listen 80;
  server_name _;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name _;

  # Add ssl related configs

  location / {

     client_max_body_size 200M;

     proxy_set_header        Host $host:$server_port;
     proxy_set_header        X-Real-IP $remote_addr;
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header        X-Forwarded-Proto $scheme;

     proxy_redirect          http:// https://;
     proxy_pass              http://jenkins;
  }
}

In addition to this, the Jenkins config is updated with the server's https://... URL:

Jenkins -> Manage Jenkins -> Configure System -> Jenkins Location -> Jenkins URL

Answered by kofemann on November 24, 2021
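
Added example (not part of the question or the answer): a small Python model of nginx's plain-string `proxy_redirect` prefix replacement, applied to the `Location` header from the question's output. It shows that the question's rule never matches that header, while the answer's `http://` to `https://` rule rewrites it. The function names and result labels are made up for this illustration, and the model ignores the regex, `default` and variable forms of the directive.

```python
from urllib.parse import urlsplit

# Location header copied from the 302 response shown in the question.
LOCATION = "http://jenkins:443/computer/"

# proxy_redirect directives from the page, as (prefix, replacement) pairs.
QUESTION_RULES = [("http://127.0.0.1:8080", "https://jenkins")]
ANSWER_RULES = [("http://", "https://")]


def apply_proxy_redirect(location, rules):
    """Simplified model of proxy_redirect with plain-string arguments.

    The first rule whose prefix matches the start of the upstream
    Location value is applied; if no rule matches, the header is
    passed to the client unchanged.
    """
    for prefix, replacement in rules:
        if location.startswith(prefix):
            return replacement + location[len(prefix):]
    return location


def check_redirect(request_url, location):
    """Classify the redirect a client receives for request_url."""
    req, loc = urlsplit(request_url), urlsplit(location)
    if req.scheme == "https" and loc.scheme == "http":
        # Assumption: port 443 is the TLS listener, so a plain-HTTP
        # request to it cannot succeed.
        if loc.port == 443:
            return "downgrade-to-http-on-443"
        return "downgrade-to-http"
    return "ok"


if __name__ == "__main__":
    request = "https://jenkins/computer"
    for name, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        rewritten = apply_proxy_redirect(LOCATION, rules)
        print(f"{name:8} -> {rewritten}  [{check_redirect(request, rewritten)}]")
```
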
