When my Nginx configuration is as follows and the backend Tomcat is running on 8080, Nginx is not able to communicate with the upstream and redirects the browser to https://backend:
upstream backend {
    ip_hash;
    server localhost:8080;
    server 10.10.1.240:80 down;
}
server {
    listen 80;
    listen 443 ssl;
    server_name ...;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        proxy_pass http://backend;
    }
}
But when my Nginx configuration is as follows and the backend Tomcat is running on 8443, everything works fine, but the SSL termination goal is not achieved:
upstream backend {
    ip_hash;
    server localhost:8443;
    server 10.10.1.240:80 down;
}
server {
    listen 80;
    listen 443 ssl;
    server_name ...;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        proxy_pass https://backend;
    }
}
CodePudding user response:
Removing the following from the web.xml file of the upstream Tomcat solved the problem.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic Forward to HTTPS/SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>