Nginx SSL termination with load balancing not working

Time:08-01

When my Nginx configuration is as follows and the backend Tomcat is running on 8080, Nginx is not able to communicate with the upstream and redirects the browser to https://backend:

upstream backend {
    ip_hash;
    server localhost:8080;
    server 10.10.1.240:80 down;
}
server {
    listen 80;
    listen 443 ssl;
    server_name ...;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass http://backend;
    }
}

But when my Nginx configuration is as follows and the backend Tomcat is running on 8443, everything works fine, but the SSL termination goal is not achieved:

upstream backend {
    ip_hash;
    server localhost:8443;
    server 10.10.1.240:80 down;
}
server {
    listen 80;
    listen 443 ssl;
    server_name ...;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass https://backend;
    }
}

CodePudding user response:

Removing the following from the web.xml file of the upstream Tomcat solved the problem.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic Forward to HTTPS/SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
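
A way to find this kind of constraint before putting a TLS-terminating proxy in front of a Tomcat application, as an added example that is not part of the original question or answer. The sample web.xml is constructed, and the function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml: the constraint from the answer plus one
# constraint that sets no transport guarantee at all.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Automatic Forward to HTTPS/SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Static files</web-resource-name>
      <url-pattern>/static/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

# Servlet-spec guarantees other than NONE demand a protected transport.
TLS_GUARANTEES = {"CONFIDENTIAL", "INTEGRAL"}


def local_name(element):
    """Strip the '{namespace}' prefix so any web.xml schema version matches."""
    return element.tag.rsplit("}", 1)[-1]


def find_tls_constraints(web_xml_text):
    """Return (resource name, guarantee, url patterns) for each constraint
    that makes the container redirect plain-HTTP requests to HTTPS."""
    findings = []
    for node in ET.fromstring(web_xml_text).iter():
        if local_name(node) != "security-constraint":
            continue
        text = {}  # element name -> list of text values inside this constraint
        for child in node.iter():
            text.setdefault(local_name(child), []).append((child.text or "").strip())
        # A constraint without <transport-guarantee> behaves like NONE.
        guarantee = (text.get("transport-guarantee") or ["NONE"])[0].upper()
        if guarantee in TLS_GUARANTEES:
            name = (text.get("web-resource-name") or [""])[0]
            findings.append((name, guarantee, text.get("url-pattern", [])))
    return findings
```

Any pattern this reports will be answered with a redirect to HTTPS when Nginx forwards the request over `proxy_pass http://backend`, which is the behaviour described in the question.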