I'm trying to create a SSL proxy for a web management console running on localhost and having no SSL support.
Here is my config:
server {
listen 111.222.1.1:8443 ssl;
server_name admin.company.com;
ssl_certificate tls/ssl.crt;
ssl_certificate_key tls/ssl.key;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
#error_page 497 https://admin.company.com:8443$request_uri;
location / {
proxy_pass http://127.0.0.1:8080/;
}
}
The proxied service is quite sophisticated and uses a lot of Post/Redirect/Get operations, network monitor shows they're all involving "http://admin.company.com:8443" and thus causing the subj.
Adding error_page 497
(commented out) solves GETs and redirects, but makes POSTs impossible. Is there any solution to this, one IP and one port configuration, which would proxy both GET and POST requests?
UPD:
The application behind proxy is a Java servlet running in the insecure mode, so I believe this is where "http" comes from, it simply takes proxied hostname and builds up URLs with "http" explicitly set.
Best Answer
I don't have enough rep to comment. But I would suggest you check your upstream, and also check other nginx conf files and make sure that they are targeting specific ips and not a wildcard e.g. listen *:8443 ssl; or something. This way it doesn't fallback.