Hi to community.
I would like to ask for help with what I hope is a simple problem.
HAProxy must implement SSL termination and turn HTTP into HTTPS, and it stands between Nginx and the world.
Nginx and HAProxy are connected through a Unix socket, haproxy.sock.
My software: nginx-devel 1.11.7
HA-Proxy 1.7.2
NGINX HTTP only
THE WORLD <-->-HTTPS--public_IP:443 --<-haproxy.sock->--HTTP--Frontend <-> Backend <-> Varnish, PHP-FPM
The problem:
HAProxy returns to the World:
---------------------------------------------
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
--------------------------------------------
But the backend is working and returns all pages correctly.
Besides, the robots.txt is accessible from the world.
nginx.conf
--------------------------
# Main-context settings: dynamic modules, worker identity and limits.
# NOTE(review): no mail {} or stream {} block appears in the posted config; if
# none exists elsewhere, these two modules do not need to be loaded.
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;
# Worker processes run as the "www" user.
user www;
worker_processes auto;
worker_rlimit_nofile 40000;
pid /var/run/nginx.pid;
# Per-worker connection handling.
events {
worker_connections 1024;
multi_accept on;
}
http {
# http-level defaults shared by both server blocks below.
include mime.types;
default_type application/octet-stream;
# The access log records both $remote_addr and the raw X-Forwarded-For header,
# so the logged client address can be compared with what the proxy chain claimed.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# Keeps the nginx version out of the Server header and error pages.
server_tokens off;
# Derives $fastcgi_https from the X-Forwarded-Proto request header:
# "on" when the header value is https, "off" otherwise.
# NOTE(review): no directive in the posted config references $fastcgi_https
# (no fastcgi_param uses it), so PHP presumably never receives it - confirm.
# NOTE(review): X-Forwarded-Proto is a request header. It is only trustworthy if
# the proxy in front sets or overwrites it and clients cannot reach the backend
# listener directly.
map $http_x_forwarded_proto $fastcgi_https {
default off;
https on;
}
# BackEnd
# Serves the site's files and hands PHP requests to PHP-FPM. In the paste this
# server block has no closing brace before the next server block starts.
server {
# NOTE(review): X.X.X.X is redacted. If it is a public address, this plain-HTTP
# listener can be reached without passing through HAProxy, and request headers
# such as X-Forwarded-Proto / X-Forwarded-For arrive unfiltered - confirm, or
# restrict the listener to loopback / firewall it.
listen X.X.X.X:80;
listen 127.0.0.1:8080; #For Varnish
server_name mydomain.com;
root /site/root/dir;
index index.php index.html index.htm;
# NOTE(review): 404 is named by three error_page directives in this server (this
# one, the one two lines below, and the one after try_files); keep only the
# intended handler.
error_page 404 /404.html;
# Repeats the http-level setting.
server_tokens off;
error_page 404 500 502 503 504 = /404.html;
# API requests are rewritten to the webservice dispatcher script.
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
# Image URL rewrites: an id of 1 to 8 digits is split into one directory per
# digit under /img/p/, one rule per id length.
rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
# NOTE(review): this rule has ten capture groups. nginx positional captures are
# $1-$9, so "$10" is likely read as $1 followed by a literal 0 - confirm, and use
# named captures if the tenth group is needed.
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
# Category images and legacy fancybox images.
rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;
# Anything that is not a file or directory falls through to the front controller.
try_files $uri $uri/ /index.php$is_args$args;
error_page 404 /index.php?controller=404;
# Default location: serve the file or directory if it exists, otherwise hand the
# request to /index.php with the original query string.
location / {
# NOTE(review): there is no fastcgi_pass in this location, so fastcgi_index
# presumably has no effect here - confirm.
fastcgi_index index.php;
try_files $uri $uri/ /index.php?$args;
}
# PHP handler: requests whose URI ends in .php go to PHP-FPM over a Unix socket.
location ~ \.php$ {
# Splits the URI into $fastcgi_script_name and $fastcgi_path_info.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE(review): the PHP-FPM socket lives in /tmp; check that its owner and mode
# only allow the nginx worker user to connect.
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# NOTE(review): no "fastcgi_param HTTPS ..." is set here, and the contents of
# fastcgi_params are not shown, so PHP may not learn that the client used HTTPS.
# That would be consistent with the 301 to http://mydomain.com/index.php in the
# posted HAProxy log - confirm what the application sees as the request scheme.
# Only URIs that exist on disk are passed on as-is; anything else is sent to
# /index.php.
try_files $uri $uri/ /index.php?$args;
}
# Static assets (case-insensitive extension match): cacheable for one month,
# not written to the access log.
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|woff|woff2)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
# A missing asset is handed to /index.php rather than answered with a plain 404.
try_files $uri $uri/ /index.php?$args;
}
# HTTP Frontend
# Receives what HAProxy forwards over the Unix socket and proxies it to
# 127.0.0.1:80; static files and robots.txt are answered from disk instead.
server {
# NOTE(review): any process able to connect to this socket is treated as the
# trusted proxy by the realip settings below - check the socket file's owner
# and mode.
listen unix:/path/to/haproxy.sock;
# For every connection arriving over a Unix socket, replace the client address
# with the one taken from X-Forwarded-For. real_ip_recursive is not set, so the
# last address in the header is used.
# NOTE(review): this is only sound if HAProxy itself appends the address (its
# config is not shown); confirm a client-supplied value cannot end up last.
set_real_ip_from unix:;
real_ip_header X-Forwarded-For;
server_name mydomain.com;
proxy_headers_hash_max_size 512;
# Response compression for this server.
# NOTE(review): responses are compressed before HAProxy encrypts them. For pages
# that combine secrets with request-controlled content, compression under TLS
# is a known side channel (BREACH) - review which responses need gzip.
gzip on;
gzip_min_length 1024;
gzip_buffers 40 8k;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
gzip_disable "msie6";
gzip_proxied expired no-cache no-store private auth;
sendfile on;
tcp_nopush on;
# Everything not matched below is proxied upstream.
location / {
proxy_pass http://127.0.0.1:80; #Varnish
proxy_set_header Host $host;
# $remote_addr is the address already substituted by the realip settings above.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): X-Forwarded-Proto is not set here, so upstream only sees whatever
# HAProxy sent. Confirm HAProxy sets it to https and overwrites any value the
# client supplied; otherwise the application cannot tell the request was HTTPS.
}
# Static assets are served from disk by this server. There is no proxy_pass in
# this location, so proxy_ignore_headers presumably has no effect - confirm.
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|woff|woff2|ttf)$ {
root /site/root/dir;
proxy_ignore_headers Cache-Control Expires;
add_header Cache-Control public;
expires max;
access_log off;
}
# Exact-match location: robots.txt is read from disk here and is never proxied,
# so it does not pass through Varnish or PHP. That fits the posted logs, where
# /robots.txt returns 200 while /index.php gets a 301.
location = /robots.txt {
root /site/root/dir;
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
}
---------------------------------------------------------
HAProxy request log: - Error.
----------------------------------
00000013:www-https.clireq[0008:ffffffff]: GET /index.php HTTP/1.1
00000013:www-https.clihdr[0008:ffffffff]: Host: mydomain.com
00000013:www-https.clihdr[0008:ffffffff]: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
00000013:www-https.clihdr[0008:ffffffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000013:www-https.clihdr[0008:ffffffff]: Accept-Language: en-US,en;q=0.5
00000013:www-https.clihdr[0008:ffffffff]: Accept-Encoding: gzip, deflate
00000013:www-https.clihdr[0008:ffffffff]: Connection: keep-alive
00000013:www-https.clihdr[0008:ffffffff]: Cache-Control: max-age=0
00000013:www-backend.srvrep[0008:0009]: HTTP/1.1 301 Moved
00000013:www-backend.srvhdr[0008:0009]: Server: nginx
00000013:www-backend.srvhdr[0008:0009]: Date: Thu, 09 Feb 2017 16:46:10 GMT
00000013:www-backend.srvhdr[0008:0009]: Content-Type: text/html; charset=utf-8
00000013:www-backend.srvhdr[0008:0009]: Content-Length: 20
00000013:www-backend.srvhdr[0008:0009]: Connection: close
00000013:www-backend.srvhdr[0008:0009]: Cache-Control: no-cache
00000013:www-backend.srvhdr[0008:0009]: Location: http://mydomain.com/index.php
00000013:www-backend.srvhdr[0008:0009]: Content-Encoding: gzip
00000013:www-backend.srvhdr[0008:0009]: Vary: Accept-Encoding
00000013:www-backend.srvhdr[0008:0009]: Age: 0
00000015:www-https.clicls[0008:ffffffff]
00000015:www-https.closed[0008:ffffffff]
--------------------------------------------------
HAProxy robots.txt request log: success
---------------------------------------------------
00000000:www-https.accept(0006)=0008 from [207.244.70.35:36957]
00000000:www-https.clireq[0008:ffffffff]: GET /robots.txt HTTP/1.1
00000000:www-https.clihdr[0008:ffffffff]: Host: mydomain.com
00000000:www-https.clihdr[0008:ffffffff]: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
00000000:www-https.clihdr[0008:ffffffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000000:www-https.clihdr[0008:ffffffff]: Accept-Language: en-US,en;q=0.5
00000000:www-https.clihdr[0008:ffffffff]: Accept-Encoding: gzip, deflate
00000000:www-https.clihdr[0008:ffffffff]: Connection: keep-alive
00000000:www-https.clihdr[0008:ffffffff]: Cache-Control: max-age=0
00000000:www-backend.srvrep[0008:0009]: HTTP/1.1 200 OK
00000000:www-backend.srvhdr[0008:0009]: Server: nginx
00000000:www-backend.srvhdr[0008:0009]: Date: Thu, 09 Feb 2017 16:43:12 GMT
00000000:www-backend.srvhdr[0008:0009]: Content-Type: text/plain
00000000:www-backend.srvhdr[0008:0009]: Last-Modified: Sun, 18 Dec 2016 04:42:43 GMT
00000000:www-backend.srvhdr[0008:0009]: Transfer-Encoding: chunked
00000000:www-backend.srvhdr[0008:0009]: Connection: close
00000000:www-backend.srvhdr[0008:0009]: ETag: W/"585613c3-679"
00000000:www-backend.srvhdr[0008:0009]: Content-Encoding: gzip
-----------------------------------------------------------------------------
Since robots.txt is returned to the world correctly, I think my problem is in nginx.conf.
I am stuck and my brain is not working at all today ... please help me.
I would like to ask for help with what I hope is a simple problem.
HAProxy must implement SSL termination and turn HTTP into HTTPS, and it stands between Nginx and the world.
Nginx and HAProxy are connected through a Unix socket, haproxy.sock.
My software: nginx-devel 1.11.7
HA-Proxy 1.7.2
NGINX HTTP only
THE WORLD <-->-HTTPS--public_IP:443 --<-haproxy.sock->--HTTP--Frontend <-> Backend <-> Varnish, PHP-FPM
The problem:
HAProxy returns to the World:
---------------------------------------------
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
--------------------------------------------
But the backend is working and returns all pages correctly.
Besides, the robots.txt is accessible from the world.
nginx.conf
--------------------------
# Main-context settings: dynamic modules, worker identity and limits.
# NOTE(review): no mail {} or stream {} block appears in the posted config; if
# none exists elsewhere, these two modules do not need to be loaded.
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;
# Worker processes run as the "www" user.
user www;
worker_processes auto;
worker_rlimit_nofile 40000;
pid /var/run/nginx.pid;
# Per-worker connection handling.
events {
worker_connections 1024;
multi_accept on;
}
http {
# http-level defaults shared by both server blocks below.
include mime.types;
default_type application/octet-stream;
# The access log records both $remote_addr and the raw X-Forwarded-For header,
# so the logged client address can be compared with what the proxy chain claimed.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# Keeps the nginx version out of the Server header and error pages.
server_tokens off;
# Derives $fastcgi_https from the X-Forwarded-Proto request header:
# "on" when the header value is https, "off" otherwise.
# NOTE(review): no directive in the posted config references $fastcgi_https
# (no fastcgi_param uses it), so PHP presumably never receives it - confirm.
# NOTE(review): X-Forwarded-Proto is a request header. It is only trustworthy if
# the proxy in front sets or overwrites it and clients cannot reach the backend
# listener directly.
map $http_x_forwarded_proto $fastcgi_https {
default off;
https on;
}
# BackEnd
# Serves the site's files and hands PHP requests to PHP-FPM. In the paste this
# server block has no closing brace before the next server block starts.
server {
# NOTE(review): X.X.X.X is redacted. If it is a public address, this plain-HTTP
# listener can be reached without passing through HAProxy, and request headers
# such as X-Forwarded-Proto / X-Forwarded-For arrive unfiltered - confirm, or
# restrict the listener to loopback / firewall it.
listen X.X.X.X:80;
listen 127.0.0.1:8080; #For Varnish
server_name mydomain.com;
root /site/root/dir;
index index.php index.html index.htm;
# NOTE(review): 404 is named by three error_page directives in this server (this
# one, the one two lines below, and the one after try_files); keep only the
# intended handler.
error_page 404 /404.html;
# Repeats the http-level setting.
server_tokens off;
error_page 404 500 502 503 504 = /404.html;
# API requests are rewritten to the webservice dispatcher script.
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
# Image URL rewrites: an id of 1 to 8 digits is split into one directory per
# digit under /img/p/, one rule per id length.
rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
# NOTE(review): this rule has ten capture groups. nginx positional captures are
# $1-$9, so "$10" is likely read as $1 followed by a literal 0 - confirm, and use
# named captures if the tenth group is needed.
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
# Category images and legacy fancybox images.
rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;
# Anything that is not a file or directory falls through to the front controller.
try_files $uri $uri/ /index.php$is_args$args;
error_page 404 /index.php?controller=404;
# Default location: serve the file or directory if it exists, otherwise hand the
# request to /index.php with the original query string.
location / {
# NOTE(review): there is no fastcgi_pass in this location, so fastcgi_index
# presumably has no effect here - confirm.
fastcgi_index index.php;
try_files $uri $uri/ /index.php?$args;
}
# PHP handler: requests whose URI ends in .php go to PHP-FPM over a Unix socket.
location ~ \.php$ {
# Splits the URI into $fastcgi_script_name and $fastcgi_path_info.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE(review): the PHP-FPM socket lives in /tmp; check that its owner and mode
# only allow the nginx worker user to connect.
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# NOTE(review): no "fastcgi_param HTTPS ..." is set here, and the contents of
# fastcgi_params are not shown, so PHP may not learn that the client used HTTPS.
# That would be consistent with the 301 to http://mydomain.com/index.php in the
# posted HAProxy log - confirm what the application sees as the request scheme.
# Only URIs that exist on disk are passed on as-is; anything else is sent to
# /index.php.
try_files $uri $uri/ /index.php?$args;
}
# Static assets (case-insensitive extension match): cacheable for one month,
# not written to the access log.
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|woff|woff2)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
# A missing asset is handed to /index.php rather than answered with a plain 404.
try_files $uri $uri/ /index.php?$args;
}
# HTTP Frontend
# Receives what HAProxy forwards over the Unix socket and proxies it to
# 127.0.0.1:80; static files and robots.txt are answered from disk instead.
server {
# NOTE(review): any process able to connect to this socket is treated as the
# trusted proxy by the realip settings below - check the socket file's owner
# and mode.
listen unix:/path/to/haproxy.sock;
# For every connection arriving over a Unix socket, replace the client address
# with the one taken from X-Forwarded-For. real_ip_recursive is not set, so the
# last address in the header is used.
# NOTE(review): this is only sound if HAProxy itself appends the address (its
# config is not shown); confirm a client-supplied value cannot end up last.
set_real_ip_from unix:;
real_ip_header X-Forwarded-For;
server_name mydomain.com;
proxy_headers_hash_max_size 512;
# Response compression for this server.
# NOTE(review): responses are compressed before HAProxy encrypts them. For pages
# that combine secrets with request-controlled content, compression under TLS
# is a known side channel (BREACH) - review which responses need gzip.
gzip on;
gzip_min_length 1024;
gzip_buffers 40 8k;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
gzip_disable "msie6";
gzip_proxied expired no-cache no-store private auth;
sendfile on;
tcp_nopush on;
# Everything not matched below is proxied upstream.
location / {
proxy_pass http://127.0.0.1:80; #Varnish
proxy_set_header Host $host;
# $remote_addr is the address already substituted by the realip settings above.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): X-Forwarded-Proto is not set here, so upstream only sees whatever
# HAProxy sent. Confirm HAProxy sets it to https and overwrites any value the
# client supplied; otherwise the application cannot tell the request was HTTPS.
}
# Static assets are served from disk by this server. There is no proxy_pass in
# this location, so proxy_ignore_headers presumably has no effect - confirm.
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|woff|woff2|ttf)$ {
root /site/root/dir;
proxy_ignore_headers Cache-Control Expires;
add_header Cache-Control public;
expires max;
access_log off;
}
# Exact-match location: robots.txt is read from disk here and is never proxied,
# so it does not pass through Varnish or PHP. That fits the posted logs, where
# /robots.txt returns 200 while /index.php gets a 301.
location = /robots.txt {
root /site/root/dir;
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
}
---------------------------------------------------------
HAProxy request log: - Error.
----------------------------------
00000013:www-https.clireq[0008:ffffffff]: GET /index.php HTTP/1.1
00000013:www-https.clihdr[0008:ffffffff]: Host: mydomain.com
00000013:www-https.clihdr[0008:ffffffff]: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
00000013:www-https.clihdr[0008:ffffffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000013:www-https.clihdr[0008:ffffffff]: Accept-Language: en-US,en;q=0.5
00000013:www-https.clihdr[0008:ffffffff]: Accept-Encoding: gzip, deflate
00000013:www-https.clihdr[0008:ffffffff]: Connection: keep-alive
00000013:www-https.clihdr[0008:ffffffff]: Cache-Control: max-age=0
00000013:www-backend.srvrep[0008:0009]: HTTP/1.1 301 Moved
00000013:www-backend.srvhdr[0008:0009]: Server: nginx
00000013:www-backend.srvhdr[0008:0009]: Date: Thu, 09 Feb 2017 16:46:10 GMT
00000013:www-backend.srvhdr[0008:0009]: Content-Type: text/html; charset=utf-8
00000013:www-backend.srvhdr[0008:0009]: Content-Length: 20
00000013:www-backend.srvhdr[0008:0009]: Connection: close
00000013:www-backend.srvhdr[0008:0009]: Cache-Control: no-cache
00000013:www-backend.srvhdr[0008:0009]: Location: http://mydomain.com/index.php
00000013:www-backend.srvhdr[0008:0009]: Content-Encoding: gzip
00000013:www-backend.srvhdr[0008:0009]: Vary: Accept-Encoding
00000013:www-backend.srvhdr[0008:0009]: Age: 0
00000015:www-https.clicls[0008:ffffffff]
00000015:www-https.closed[0008:ffffffff]
--------------------------------------------------
HAProxy robots.txt request log: success
---------------------------------------------------
00000000:www-https.accept(0006)=0008 from [207.244.70.35:36957]
00000000:www-https.clireq[0008:ffffffff]: GET /robots.txt HTTP/1.1
00000000:www-https.clihdr[0008:ffffffff]: Host: mydomain.com
00000000:www-https.clihdr[0008:ffffffff]: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
00000000:www-https.clihdr[0008:ffffffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000000:www-https.clihdr[0008:ffffffff]: Accept-Language: en-US,en;q=0.5
00000000:www-https.clihdr[0008:ffffffff]: Accept-Encoding: gzip, deflate
00000000:www-https.clihdr[0008:ffffffff]: Connection: keep-alive
00000000:www-https.clihdr[0008:ffffffff]: Cache-Control: max-age=0
00000000:www-backend.srvrep[0008:0009]: HTTP/1.1 200 OK
00000000:www-backend.srvhdr[0008:0009]: Server: nginx
00000000:www-backend.srvhdr[0008:0009]: Date: Thu, 09 Feb 2017 16:43:12 GMT
00000000:www-backend.srvhdr[0008:0009]: Content-Type: text/plain
00000000:www-backend.srvhdr[0008:0009]: Last-Modified: Sun, 18 Dec 2016 04:42:43 GMT
00000000:www-backend.srvhdr[0008:0009]: Transfer-Encoding: chunked
00000000:www-backend.srvhdr[0008:0009]: Connection: close
00000000:www-backend.srvhdr[0008:0009]: ETag: W/"585613c3-679"
00000000:www-backend.srvhdr[0008:0009]: Content-Encoding: gzip
-----------------------------------------------------------------------------
Since robots.txt is returned to the world correctly, I think my problem is in nginx.conf.
I am stuck and my brain is not working at all today ... please help me.