| Orangutanklaus |
02-28-2013 04:55 AM |
SSL termination via nginx for Tomcat backend
Hiho together,
I'm currently trying to implement a SSL termination for some Tomcat ASP server. I've decided to test various software and started with nginx under debian.
After a while I could get running nginx to handle normal HTTP communication. But when I switch to HTTPS the connection fails. For now I've made two site configurations, one for HTTP and one for HTTPS (for now it seems easier for me to get familiar with nginx). The /location part of both are the same while they differ slightly in the server configuration (HTTP vs. HTTPS). so here's the HTTPS configuraion:
PHP Code:
server {
listen 443;
ssl on;
server_name myhost.mydomain.de;
root /var/www/;
ssl_certificate /etc/nginx/ssl/crt/myhost.mydomain.de.sub.class1.server.ca.crt;
ssl_certificate_key /etc/nginx/ssl/key/myhost.mydomain.de.key;
ssl_ciphers SSLv3+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3;
ssl_session_cache shared:SSL:10m;
location /context/ {
access_log /var/log/nginx/context_access_log;
error_log /var/log/nginx/context_error_log;
index index.html;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat-server:11080/;
proxy_redirect http://tomcat-server:11080/ http://this-server:80/context/;
proxy_buffering off;
proxy_store off;
proxy_connect_timeout 120;
proxy_send_timeout 120;
proxy_read_timeout 120;
}
}
THe communication between NGINX and the Tomcat server should run over normal HTTP. When I open http://myhost.mydomain.de/context everything works fine. But with HTTPS it doesn't. I noticed in the log files that nginx adds the root path to the request. E.G. /app/xfire/connectionVerifyService becomes /var/www/app/xfire/connectionVerifyService
I don't understand this behaviour with HTTPS while with HTTP it doesn't happen.
Regards
OK |
