Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't stop redirect to HTTPS #33

Open
MrMMorris opened this issue May 11, 2017 · 4 comments
Open

Can't stop redirect to HTTPS #33

MrMMorris opened this issue May 11, 2017 · 4 comments

Comments

@MrMMorris
Copy link

hey been a while!

I have a setup that has nginx > varnish > apache.

when you hit nginx.blah.docker, it forces HTTPS because I tell it to:

server {
    listen         80;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name _;

    ssl                 on;
    ssl_certificate     /etc/nginx/ssl/self.pem;
    ssl_certificate_key /etc/nginx/ssl/self.key;

    location / {
      proxy_pass http://blah_varnish_1:80;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header Host $host;
    }

    error_page   500 502 503 504  /50x.html;
      location = /50x.html {
    }
}

However, I also had it set up (not sure when it worked last) so that if you hit apache.blah.docker:8080 then it serves non-HTTPS and bypasses varnish:

AddHandler php5-script .php
AddType text/html .php

Listen 8080

<VirtualHost *:8080>
	DocumentRoot /var/www/html/docroot
</VirtualHost>

<Directory /var/www/html/docroot>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Now, it seems that when I go to http://apache.blah.docker:8080, it gets forced to HTTPS which is not what I want (and chrome throws an error).

I see that with the http proxy, I should be able to set HTTPS_METHOD=noredirect on the apache container and it shouldn't redirect to HTTPS correct? I have tried and it doesn't seem to work.

Is there some way to disable the redirect to HTTPS entirely? I need to be able to hit nginx and it goes all the way through varnish and apache as HTTPS, but when hitting apache, it stays HTTP.

I don't really need the proxy handling any redirects for me.

Any ideas?
@codekitchen
Copy link
Owner

The proxy won't do anything with HTTPS unless you have certs loaded into the proxy container, did you do that as well? What does your proxy's nginx config look like when the containers are all running? docker exec dinghy_http_proxy cat /etc/nginx/conf.d/default.conf

@yoodame
Copy link

yoodame commented May 11, 2017
edited
Loading

@codekitchen I work with @MrMMorris. Here what the nginx config looks like:

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
server {
  listen 80 default_server;
  server_name _;
  root /var/www/default/htdocs;
  error_page 404 /index.html;
}
upstream .db.graphite.docker {
	server 172.17.0.3:3306;
}
server {
	server_name .db.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.db.graphite.docker;
	}
}
upstream .memcached.graphite.docker {
	server 172.17.0.4:11211;
}
server {
	server_name .memcached.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.memcached.graphite.docker;
	}
}
upstream .nginx.graphite.docker {
	server 172.17.0.7:443;
}
server {
	server_name .nginx.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.nginx.graphite.docker;
	}
}
upstream .web.graphite.docker {
	server 172.17.0.5:80;
}
server {
	server_name .web.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.web.graphite.docker;
	}
}

@codekitchen
Copy link
Owner

Hm yeah, since you haven't added SSL certs to the proxy it's not even listening on port 443.

Oh and actually I missed before that you're hitting port 8080 with http://apache.blah.docker:8080. That is bypassing the proxy completely, the proxy only listens on port 80 (and 443 if you configure SSL). So what you're seeing doesn't have anything to do with the proxy at all, it must be something in your own application that's doing the redirect? Use docker ps to check which container is exposing port 8080 on the host, that'll tell you which container is doing this.

@MrMMorris
Copy link
Author

MrMMorris commented May 11, 2017 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@codekitchen @MrMMorris @yoodame