Nginx – http in the Location-header when the original request was made over https

apache-2.2httpsnginxtomcattomcat6

I am currently implementing https on our production environment, but I am scratching my head over a little thing here.

SSL is terminated in the load balancer and the flow in our stack is basically like this:

Production: Browser <- https -> Load balancer <- http -> Apache <- http -> Load balancer <- http -> Tomcat

Testing: Browser <- https -> nginx <- http -> Load balancer <- http -> Tomcat

When I access our login-page over HTTPS:

Request headers

POST /login/form HTTP/1.1
Host: www.example.org
Connection: keep-alive
Content-Length: 74
Cache-Control: max-age=0
Origin: https://www.example.org
Content-Type: application/x-www-form-urlencoded
Referer: https://www.example.org/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: nb,en-US;q=0.8,en;q=0.6

Response headers

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 17 Jan 2014 11:16:50 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: FOO=example
Location: http://www.example.org/portal
Strict-Transport-Security: max-age=31536000

I talked to a developer and he told me the following:

In the code there is sth like request.sendRedirect("/portal") and Tomcat does the rest.

I am able to reproduce the problem on the testing environment, although a bit different stack.

My questions:

Why do I get http as the scheme in the Location-header when the original request from the browser was made with https?
Is this an Apache mod_rewrite/mod_proxy or nginx problem?
Is this a problem with Tomcat?

Best Answer

You get http in the response headers because the request that reaches Apache is HTTP - the SSL has been stripped away at the load balancer. So from what Apache sees, it's just an HTTP request.

You can work around this by setting

ServerName https://www.example.org

in the global or virtual host configuration. This will override the default http scheme so Apache will send the response you want. The documentation for ServerName mentions this.

Related Solutions

Ubuntu – Running nph-script.cgi keeps outputting Server details at the end

We are seeing a similar issue with an nph-file that acts as gateway to Intersystems Caché (a database and web application server). Works fine as long as we don't use URL rewriting. Any request handled by URL rewriting produces the spurious header described above (at or near the bottom of the response content).

We tried to isolate the bug with a small Perl nph-script and had the same problem. Tested on different servers: Apache/2.2.11 on Ubuntu 9.04, Apache/2.2.9 on Debian 5.0 and Apache/2.0.52 on Red Hat EL 4.

Script nph-test.cgi in regular cgi-bin directory:

#!/usr/bin/perl -wT
use strict;
print "$ENV{SERVER_PROTOCOL} 200 OK\n";
print "Server: $ENV{SERVER_SOFTWARE}\n";
print "Content-Type: text/plain\n\n";

# Tell Perl not to buffer our output
$| = 1;

print "OK.";

URL Rewriting

RewriteEngine On
RewriteRule ^test/([0-9]+)$ /cgi-bin/nph-test.cgi

(in Apache .conf file, under Directory /var/www/)

Response

OK.
HTTP/1.1 200 OK
Date: Mon, 07 Dec 2009 09:44:40 GMT
Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.2 with Suhosin-Patch
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

Other sources describing the same or similar problems:

www.webmasterworld.com/perl/3575036.htm
www.webmasterworld.com/forum13/3590.htm
https://issues.apache.org/bugzilla/show_bug.cgi?id=22898

Using Content-Length works for the test-script, but doesn't solve our problem since we obviously can't change the nph-cgi executable that comes with Intersystems Caché.

As you say, this should probably be submitted to Apache, but the rules laid out at httpd.apache.org/bug_report.html are rather daunting. (I have limited knowledge of Apache.)

Apache won’t serve images larger than ~2K

A few things you can try:

Try setting EnableSendfile off in the Apache config and restart (see Apache core documentation). Also try EnableMMAP off (see here for a issue very similar to yours).
When testing with a browser make sure the cache is cleared and/or force the image to be reloaded.
Test with a variety of file sizes and types. Is it just PNG files, all images, etc...? Narrowing in on what image size works and what doesn't might help in the end.
Try testing another web server (lighttpd, nginx, ...) and see if they exhibit the same behavior. This should tell you if the issue is Apache specific or something on the server/network itself.
Download files both remotely and locally and see if the response is any different.

Best Answer

Related Solutions

Ubuntu – Running nph-script.cgi keeps outputting Server details at the end

Apache won’t serve images larger than ~2K

Related Topic