Nginx – Why Nginx reverse proxy shows http location

nginxreverse-proxyssl

I need help with my nginx configuration.

In this config I've got /svn location, that comes to apache http.

Apache is password protected (Basic Auth)
When accessing https://my.server.com/svn it shows the apache login prompt, but in it, I can see that it's trying to access http://127.0.0.1:81/ – I need to hide this information.

Also, when I click on Cancel button, it redirects me to http://127.0.0.1:81/ displaying 403.

So what I need, is to serve everything over https, and not show anybody what port I use for internal communication.

After a successful login it is also on http url and port 81, but when I add https manually, and remove port 81 it also works 😉

upstream subversion_hosts {
    server 127.0.0.1:81;
}

server {

        listen   80; ## listen for ipv4
        listen   [::]:80 default ipv6only=on; ## listen for ipv6

        # Set appropriately for virtual hosting and to use server_name_in_redirect
        server_name server.name.com;
        server_name_in_redirect off;

        location / {
                rewrite ^(.*) https://server.name.com$1 permanent;
        }
}

server {

        listen   443; ## listen for ipv4
        listen   [::]:443 default ipv6only=on; ## listen for ipv6

        # Set appropriately for virtual hosting and to use server_name_in_redirect
        server_name  server.name.com;
        server_name_in_redirect off;

        access_log  /var/log/nginx/server.name.com.access.log;
        error_log  /var/log/nginx/server.name.com.error.log;

        include /etc/nginx/proxy_opts;
        proxy_redirect off;

        # Note:  Adjust ssl_certificate{,_key} to custom SSL cert, if not
        #        using ssl-cert package
        ssl on;
        ssl_certificate /etc/ssl/xxxx;
        ssl_certificate_key /etc/ssl/xxxx;

        ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout    60;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;


        # Note:  Must match the prefix used in thin configuration for redmine
        #        or / if no prefix configured
        location / {
                root   /usr/share/redmine/public;
                error_page 404  404.html;
                error_page 500 502 503 504  500.html;
                try_files $uri/index.html $uri.html $uri @redmine_thin_servers;
        }

        location /svn {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                set $fixed_destination $http_destination;
                if ( $http_destination ~* ^https(.*)$ )
                {
                    set $fixed_destination http$1;
                }

                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Ssl on;
                proxy_set_header Destination $fixed_destination;
                proxy_pass http://subversion_hosts;
        }

        }
}

Best Answer

Nginx proxy_redirect

You need to change the proxy_redirect variable so that the location header is changed in the response.

Related Topic