Nginx – Configuring nginx for use with Tomcat and SSL

nginx ssl tomcat

I have Googled and looked at various sample SSL configurations and it seems like I've got things set up right, but there are two problems:

  1. When I load https://mysite.com, the lock that should appear in the upper right corner of the browser window does not appear.
  2. The Java application behind the scenes uses httpUtil.GetRequestURL() to get the current request and it is http://mysite.com.

I have tried setting the Host header to $host instead of $http_host, and I've tried setting proxy_redirect to set the URL to https, but neither had any effect.

My SSL config is below. Can someone please tell me what I've done wrong?

    server {
        listen       443;
        server_name  dev.mysite.com;

        access_log  /var/log/nginx/dev_mysite_access.log;
        error_log  /var/log/nginx/dev_mysite_error.log;

        ssl on;
        ssl_certificate /export/nginx/certs/mysite.com.crt;
        ssl_certificate_key /export/nginx/certs/mysite.com.key;

        location / {
            # give site more time to respond
            proxy_read_timeout 120;

            # needed to forward user's IP address
            proxy_set_header  X-Real-IP  $remote_addr;

            # needed for HTTPS
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_max_temp_file_size 0;

            proxy_pass http://localhost:8081;
        }
    }

Best Answer

We have a similar configuration at my work; nginx terminates SSL and passes raw HTTP back to Tomcat. Our application uses multiple domain names.

We've found that it is sufficient to add these lines to server.xml:

    scheme="https"
    proxyPort="443"

proxyName was not required, nor were any other changes, either to Tomcat or to nginx.
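
For context, here is where those two attributes sit in Tomcat's conf/server.xml. This is an added example, not part of the original answer: port 8081 is taken from the question's proxy_pass line, while protocol, connectionTimeout, address and secure are assumptions. The two elements are alternatives, so only one of them belongs in the file.

```xml
<!-- Constructed example: the HTTP connector that nginx proxies to. -->

<!-- Before: Tomcat only sees the plain-HTTP hop from nginx, so
     request.getScheme() is "http" and getRequestURL() starts with http:// -->
<Connector port="8081" protocol="HTTP/1.1"
           connectionTimeout="20000" />

<!-- After:
     scheme="https"      request.getScheme() and getRequestURL() report https
     proxyPort="443"     request.getServerPort() reports the public port
     secure="true"       (assumption) request.isSecure() returns true, which
                         Tomcat uses when deciding whether the session cookie
                         gets the Secure flag
     address="127.0.0.1" (assumption) listen on loopback only: this connector
                         labels every request it receives as https, so nothing
                         except the local nginx should be able to reach it -->
<Connector port="8081" protocol="HTTP/1.1"
           connectionTimeout="20000"
           address="127.0.0.1"
           scheme="https"
           proxyPort="443"
           secure="true" />
```

With the connector bound to 127.0.0.1, pointing proxy_pass at http://127.0.0.1:8081 rather than localhost avoids nginx trying an IPv6 loopback address that Tomcat is not listening on.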