Can't stop redirect to HTTPS

[MrMMorris]

hey been a while!

I have a setup that has nginx > varnish > apache.

when you hit nginx.blah.docker, it forces HTTPS because I tell it to:

server {
    listen         80;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name _;

    ssl                 on;
    ssl_certificate     /etc/nginx/ssl/self.pem;
    ssl_certificate_key /etc/nginx/ssl/self.key;

    location / {
      proxy_pass http://blah_varnish_1:80;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header Host $host;
    }

    error_page   500 502 503 504  /50x.html;
      location = /50x.html {
    }
}

However, I also had it set up (not sure when it worked last) so that if you hit apache.blah.docker:8080 then it serves non-HTTPS and bypasses varnish:

AddHandler php5-script .php
AddType text/html .php

Listen 8080

<VirtualHost *:8080>
	DocumentRoot /var/www/html/docroot
</VirtualHost>

<Directory /var/www/html/docroot>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Now, it seems that when I go to http://apache.blah.docker:8080, it gets forced to HTTPS which is not what I want (and chrome throws an error).

I see that with the http proxy, I should be able to set HTTPS_METHOD=noredirect on the apache container and it shouldn't redirect to HTTPS correct? I have tried and it doesn't seem to work.

Is there some way to disable the redirect to HTTPS entirely? I need to be able to hit nginx and it goes all the way through varnish and apache as HTTPS, but when hitting apache, it stays HTTP.

I don't really need the proxy handling any redirects for me.

Any ideas?

[codekitchen]

The proxy won't do anything with HTTPS unless you have certs loaded into the proxy container, did you do that as well? What does your proxy's nginx config look like when the containers are all running? docker exec dinghy_http_proxy cat /etc/nginx/conf.d/default.conf

[yoodame]

@codekitchen I work with @MrMMorris. Here what the nginx config looks like:

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
server {
  listen 80 default_server;
  server_name _;
  root /var/www/default/htdocs;
  error_page 404 /index.html;
}
upstream .db.graphite.docker {
	server 172.17.0.3:3306;
}
server {
	server_name .db.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.db.graphite.docker;
	}
}
upstream .memcached.graphite.docker {
	server 172.17.0.4:11211;
}
server {
	server_name .memcached.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.memcached.graphite.docker;
	}
}
upstream .nginx.graphite.docker {
	server 172.17.0.7:443;
}
server {
	server_name .nginx.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.nginx.graphite.docker;
	}
}
upstream .web.graphite.docker {
	server 172.17.0.5:80;
}
server {
	server_name .web.graphite.docker;
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://.web.graphite.docker;
	}
}

[codekitchen]

Hm yeah, since you haven't added SSL certs to the proxy it's not even listening on port 443.

Oh and actually I missed before that you're hitting port 8080 with http://apache.blah.docker:8080. That is bypassing the proxy completely, the proxy only listens on port 80 (and 443 if you configure SSL). So what you're seeing doesn't have anything to do with the proxy at all, it must be something in your own application that's doing the redirect? Use docker ps to check which container is exposing port 8080 on the host, that'll tell you which container is doing this.

[MrMMorris]

Ah ok, I thought it might have been dinghy, but thanks for confirming it isn't. I will try and track down what is causing the redirect.

…

On May 12, 2017 2:24 AM, "Brian Palmer" ***@***.***> wrote: Hm yeah, since you haven't added SSL certs to the proxy it's not even listening on port 443. Oh and actually I missed before that you're hitting port 8080 with http://apache.blah.docker:8080. That is bypassing the proxy completely, the proxy only listens on port 80 (and 443 if you configure SSL). So what you're seeing doesn't have anything to do with the proxy at all, it must be something in your own application that's doing the redirect? Use docker ps to check which container is exposing port 8080 on the host, that'll tell you which container is doing this. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#33 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABbM6EQc-TXw1d2LQltgPjuhiO2cju1dks5r41J1gaJpZM4NYK5H> .