I have to put a nginx reverse proxy in front of a web service for TLS termination which does 302 redirection only with query part of the URI:
GET /path/to/document?query=1
Host: 127.0.0.1
Returns 302 with
Location: ?query=2
nginx always builds the full URI but omitting the document, therefore the redirects don't work
GET /path/to/document?query=1
Host: example.com
Returns 302 with
Location: https://example.com/path/to/?query=2
I tried with proxy_redirect off;, but that doesn't change anything. What am I doing wrong?
Here's the config I currently use:
location / {
client_max_body_size 50M;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://ip.of.the.host/;
proxy_redirect off;
}
I could set proxy_redirect ~\?(.*)$ https://example.com/path/to/document?$1; but I'm sure I'll break something else.
How can I make nginx to just reply with the same Location path the upstream server does?
Thanks to @Tero Kilkanen I did a tcpdump on the nginx server and found out the upstream server was actually providing the wrong
Locationheader.After going through every header nginx sent to the upstream server and I still didn't get the same answer via curl I finally found the culprit: HTTP version!
nginx uses http/1.0 per default, and curl uses http/1.1, that's why in my previous testing this never came up.
Setting
proxy_http_version 1.1;fixes the problem!