Edit - I changed the question as I was wrong about where the error was coming from

I'm having some issues with my Openam deployment and was wondering if you can help.

My set up is as follows: 2 OpenAM servers are set up behind a load balancer (HAproxy). The load balancer is set up behind two reverse proxies (nginx). The two reverse proxies are ser up behind another load balancer (haproxy). So a request will go through Haproxy > nginx > Haproxy > openam

I can access the OpenAM web console through the reverse proxies without a problem. Everything works fine at this level.

The problem is when I access openam through the load balancer in front of the nginx serevrs.

My nginx server is running on port 443. When I access openam through haproxy > nginx >haproxy > openam, nginx it is redirecting the browser using the port 443. This is where the problem is occuring.

The load balancer url I access the login page with is http:/loadbalancerHostname:8090:openam/Login/UI. I can log in successfully. But after the log in the url changes to http:/loadbalancerHostname:443:openam/. The port should not change.

Why is nginx changing the port and how can I stop it?

nginx config :

server {
listen 443;
server_name  oamlb1;

location / {
    proxy_pass        http://oamlb1.mydomain.com:8080;
    proxy_set_header  X-Real-IP $remote_addr;
location /openam {
    proxy_pass        http://oamlb1.mydomain.com:8080;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  Host oamlb1.mydomain.com:8080;


haproxy config : (This file is for the servers. The file for the reverse proxies is idenical except it points to the reverse proxies)

listen http_proxy :8090
       mode http
       balance roundrobin
       option httpclose
       option forwardfor
       server webA oamreverseproxy1.mydomain.com:443
       option          forwardfor


  • 111
  • 5

2 Answers2


I guess you have problems with ProxyPassReverse: http://wiki.nginx.org/LikeApache

After a successful authentication OpenAM sends HTTP 302 in order to redirect the client to the goto URL or to the default goto URL (302 is not an error code..).

Peter Major
  • 136
  • 1
  • your right..the problem is not with OpenAM as I initially thought. Its with nginx. My nginx server is running on port 443. When I access openam through haproxy > nginx, nginx it is redirecting the browser using the port 443. This is where the problem is occuring. Not with OpenAM. – Travis Dec 04 '12 at 13:53

OpenAM login screen will send your browser a http redirect after login. The redirect is based on the HTTP host header from the original post to your protected application.

Try setting the alternate port number under advanced tab of openam agent configuration.

  • 21
  • 1