0

I have a setup comprised by 2 nginx instances connected one after the other. The first one is on one server (A) and the second one is on a second server (B):

user <-> nginx (A) <-> nginx (B) <-> api frontend (B)
                                 <-> api backend (B)

Server (A) is protected by SSL, and then forwards requests to server (B) using proxy_pass. This is from A's config:

location / {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $http_host;
  proxy_pass http://B;
}

And a simlar things happen on (B), to pass all the requests to the actual application (there are other location directives, but this one is the relevant one):

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://api_frontend;
}

I'm having problems with session cookies. The application (api frontend) correctly sets the cookies and I can see them with the browser inspector. However, when the application reads cookies, it only receives some cookies but not the session one. I think there is some kind of problem with the double nginx configuration.

user168317
  • 145
  • 7
  • Not sure this is an Nginx issue. It appears that all the information is being passed back to the client, anything not being passed/read between the two api parts would more than likely be code related. It also seems a little odd to reverse proxy twice? Why not send directly to the API directly from the server A – Drifter104 Aug 09 '18 at 08:53
  • @Drifter104 Indeed, the client sets the cookie correctly. However, on the api frontend I only see 1/4 of the cookies that I see in the Chrome inspector. I don't care about any of the missing cookies, except the session cookie which I really need. The reason I reverse proxy twice is because this allows me to do maintenance/upgrade the API server without having downtime. I just clone the B server, change the IP in A's configuration and I can work on the original B. – user168317 Aug 09 '18 at 09:07
  • What is the path of the cookie and is this all the configuration for the server(s) – Drifter104 Aug 09 '18 at 09:34
  • @Drifter104 The path is `/`. I have verified that both nginx instances receive the session cookie by changing the log format. So the problem is clearly that the cookie is not being passed to my application. Here is the whole config for the nginx instance on the B server: https://gist.github.com/rubik/0ebaf5d78bd0659853081a0f2613796e – user168317 Aug 09 '18 at 10:41
  • @Drifter104 I ended up setting the cookie manually like this: `proxy_set_header Cookie "session=$cookie_session";`. This is all it took to make it work. Damn, 3 hours wasted... – user168317 Aug 09 '18 at 11:05

1 Answers1

0

For some reason the cookie was passed from nginx (A) to nginx (B), but not to the application. I don't know why that is the case but I have solved my issue with the following addition to the location body:

proxy_set_header Cookie "session=$cookie_session"

where session is the name of the cookie of interest.

user168317
  • 145
  • 7