2

I'm pretty much stuck at this point. I've got a website, served up on Mizuno (A Jetty variant, I think) using Padrino (A sinatra variant), on port 8080, with Nginx listening at 80/443 to allow for SSL proxying to it.

The site has a login wall, where a user logs in, then is challenged, before being allowed access to the site. Whenever I access it through port 8080 directly, everything works as expected, however, when I go through Nginx, I can only reach the challenge page. It kicks me back out to the login page whenever I try to post my response to the challenge.

EDIT: Additionally, when I log in, the application does in fact log me in correctly. If I try to access the next page directly through port 8080, after getting kicked out via nginx, it allows access.

My nginx config is as below

server {
    listen 443;
    server_name secure.website.io;
    ssl_certificate ssl-bundle.crt;
    ssl_certificate_key website.key;
    ssl on;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
    ssl_prefer_server_ciphers on;
    location / {
            proxy_redirect  off;
            proxy_set_header Host $http_host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-NginX-Proxy  true;
            client_max_body_size   10m;
            client_body_buffer_size        128k;
            proxy_connect_timeout  90;
            proxy_send_timeout     90;
            proxy_read_timeout     90;
            proxy_buffer_size      4k;
            proxy_buffers  4 32k;
            proxy_busy_buffers_size        64k;
            proxy_temp_file_write_size     64k;
            proxy_pass      http://127.0.0.1:8080;
    }
}
server {
    listen  80;
    server_name     secure.website.io;
    rewrite ^       https://$server_name$request_uri? permanent;
}

Am I missing something here?

rp.kelly
  • 21
  • 3
  • 1
    This sounds like an issue with the application, not with your nginx config (unless I'm missing something - it looks good to me). Do you see anything in the application logs which is relevant? – BE77Y Mar 26 '15 at 12:08
  • You reckon? I figured that it would be nginx, whenever I was able to use the site as expected when I access it directly. I'll go through application side stuff now. – rp.kelly Mar 26 '15 at 12:40
  • 1
    Well it's tough to say - as I say I don't see anything out-of-place in your configs (I use similar configurations to force SSL to reverse-proxied applications myself). Perhaps someone else will be able to spot something I haven't - it may be specific to a quirk of the application you're using for example. – BE77Y Mar 26 '15 at 12:47
  • [I am having a similar issue](http://stackoverflow.com/q/29313084/1275386). My config is very similar and serves up SSL termination. I am almost sure its my application configuration as there are no problems when I directly access either. I am making a Node.js application though. Love to hear your findings. – Brandon Clark Mar 28 '15 at 18:14
  • Hi Brandon, I've got a workaround to this issue - It may not be beneficial for Node.js, but I swapped my web server for Passenger, and used its ssl capabilities to cut nginx out entirely. – rp.kelly Mar 30 '15 at 14:10

1 Answers1

0

I have found a workaround for this. By swapping out Mizuno for Phusion Passenger, I was able to remove nginx from the mix entirely, and serve the SSL certificate using Passenger's configuration options.

rp.kelly
  • 21
  • 3