Our documentation server at code.kx.com uses NGINX 1.12.2 under CentOS to serve static HTML. The firewall allows SSH, HTTP, HTTPS only. Our custom search engine runs as a HTTP server on port 5023 on the same machine.
The NGINX config file redirects HTTP to HTTPS.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name code.kx.com;
return 301 https://$server_name$request_uri;
}
It also reverse-proxies search requests by HTTP to the search engine, which returns HTML.
# Reverse-proxy to kxsearch-v2 service * 2018.12.21
location /v2/search {
proxy_pass http://127.0.0.1:5023/q/search;
}
The HTTP response appears as from code.kx.com:80, as can be seen by
curl -i https://code.kx.com/v2/search?query=iasc
Problem Visitors from behind three different corporate proxy servers report seeing the IP address of the search engine exposed. (It is of course the same IP address as code.kx.com.) In two cases their proxy servers deny access to the IP address. In the third, the browser alerts to the switch from HTTPs to HTTP, then again for the switch back to HTTPS, before displaying the results page.
This behaviour is as if the browsers were redirected to the backend server.
The NGINX documentation mentions nothing like this. Question 750605 has a similar configuration, but is trying only for redirection.
Best Answer
This turns out to be a duplicate of Unix/Linux question Nginx reverse proxy redirection.
The key part of the answer is
This sets the
Refererfield sent to my search engine. Evidently the response sent to the browser depends on the headers in the search engine’s response in ways I need to understand better.