Join Log in
Score:0
HeadKnockr avatar Server

Apache2 behind NGINX: MOD_REWRITE only works without HTTPS

mx flag
HeadKnockr

For days I can't get my head around the following problem:

We have an application (Faveo) which has two requirements for going through the setup wizard:

HTTPS & MOD_REWRITE.

Faveo is running on Apache2 with a ReverseProxy in front of it in our DMZ.

If I run our ReverseProxy with a simple

location / {
          proxy_pass http://XXX.XXX.XXX.XXX;
}

mod_rewrite (which is enabled Apache-Side, which serves Faveo) seems to work and the Faveo-Wizard turns green.

However - The Application is not served with HTTPS.

Therefore I can't click "Continue": Click me! (http; mod_rewrite)

If I now loop through the following arguments:

location / {
          proxy_pass http://xxx.xxx.xxx.xxx;

          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header host $http_host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Faveo is now called with HTTPS, but mod_rewrite does not work this time: Click me! (HTTPS; no mod_rewrite) This does not allow a click on "continue" either.

Do you have any ideas? How can I pass HTTPS down to Apache and still be able to use mod_rewrite on the Apache side of things?

NGINX-Config:

server {
        listen       80;
        server_name helpdesk.someurl.de;
        return 301 https://$server_name$request_uri;
}

server {
        listen       443 ssl http2;
        ssl_protocols TLSv1.2;
        server_name helpdesk.someurl.de;

        # Enable SSL
        ssl                     on;
        ssl_certificate      /etc/letsencrypt/live/someurl.de/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/someurl.de/privkey.pem;

        client_max_body_size    50M;
        ssl_session_timeout     5m;

        # Set global proxy settings
        proxy_read_timeout      360;

       location / {
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://XXX.XXX.XXX.XXX/;
        }

        error_log /var/log/nginx/helpdesk-ssl-error.log;
        access_log /var/log/nginx/helpdesk-ssl-access.log;
}

Apache2:

<VirtualHost *:80>
    ServerName helpdesk.someurl.de

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/faveo/public

    <Directory /var/www/faveo/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

If I now delete

proxy_set_header Host $http_host;

From the NGINX-Config, HTTPS is disabled but mod_rewrite works.

If it's enabled I get HTTPS served, but no mod_rewrite.

48
0 + 0
vidarlo avatar
ar flag
vidarlo
You have to configure Nginx to accept TLS connections as well.
0
Reply
HeadKnockr avatar
mx flag
HeadKnockr
@vidarlo You mean adding `ssl_protocols TLSv1.2 TLSv1.3;` to the NGINX-config?
0
Reply
djdomi avatar
za flag
djdomi
please share the full configuration of apache and nginx else this question is at the moment not on topic
0
Reply
HeadKnockr avatar
mx flag
HeadKnockr
@djdomi Done! :)
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.