[Solved] Location redirects not getting rewritten in mod_proxy

Added by nethead25 3 months ago

Hi,

I'm trying to set up an SSL reverse proxy with lighttpd v1.4.55 and am running into an issue.

I have an HTTP-only application on port 8069 that I want to access via HTTPS on port 8070. The issue I am running into is that the application itself has some redirects baked in that are sending an http:// protocol header in the new URL like this:

< HTTP/1.1 303 See Other
< Content-Type: text/html; charset=utf-8
< Content-Length: 227
< Location: http://thing.domain.com:8070/web/login

If I manually paste the Location: into Chrome and add the https://, everything works fine. But this header is getting passed back directly to Chrome and is not getting redirected again to the HTTPS site, just returning an empty response. I've tried a few different versions of map-host-response and https-remap settings without any change.

Is there a way to have lighttpd intercept the Location: line and replace http with https?

server.modules += ( "mod_alias", "mod_proxy", "mod_openssl" )

$SERVER["socket"] == ":8070" {

  $HTTP["scheme"] == "http" {
   $HTTP["host"] =~ "(.*)" {
      url.redirect = ("^/(.*)" => "https://%1/$1" )
      url.redirect-code = 308
   }
  }
#  $HTTP["scheme"] == "https" {
    ssl.engine = "enable" 
    ssl.pemfile = "/etc/lighttpd/combined.pem" 
    ssl.ca-file =  "/etc/lighttpd/fullchain.pem" 
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES128+EECDH:AES128+EDH" 
    ssl.honor-cipher-order  = "enable" 
    ssl.use-sslv2           = "disable" 
    ssl.use-sslv3           = "disable" 
    ssl.use-compression = "disable" 

    proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "8069" ) ) )
    proxy.header = ("map-host-response" => ("http:" => "https:"), "https-remap" => "enable")

#  }
}


Replies (2)

RE: Location redirects not getting rewritten in mod_proxy - Added by gstrauss 3 months ago

proxy.header = ("map-host-response" => ("http:" => "https:"), "https-remap" => "enable")

"map-host-response" is for the "host"/authority. http and https are schemes, not the authority.
You need to specify the authority in "map-host-response", and only when that matches does "https-remap" => "enable" also take effect.
e.g. proxy.header = ("map-host-response" => ("-" => "thing.domain.com:8070"), "https-remap" => "enable")
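
A check for the symptom discussed in this thread, as an added example (not code from either poster or from lighttpd): it parses response headers captured through the proxy and reports whether Location still points at http:// on the public host. The function names and the classification labels are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Response headers as shown in the question (curl -v style, "< " prefixes).
SAMPLE = """\
< HTTP/1.1 303 See Other
< Content-Type: text/html; charset=utf-8
< Content-Length: 227
< Location: http://thing.domain.com:8070/web/login
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def location_of(raw):
    """Return the Location header value from raw response headers, or None."""
    for line in raw.splitlines():
        if line.startswith("< "):          # tolerate curl -v prefixes
            line = line[2:]
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def check_redirect(raw, public_origin):
    """Classify Location against the proxy's public origin (hypothetical helper).

    Returns "none", "relative", "ok", "scheme-downgrade" or "other-origin".
    """
    loc = location_of(raw)
    if loc is None:
        return "none"
    target, pub = urlsplit(loc), urlsplit(public_origin)
    if not target.scheme and not target.netloc:
        return "relative"                  # browser resolves it against the https URL
    scheme = target.scheme or pub.scheme   # "//host/path" inherits the scheme
    if target.hostname == pub.hostname and (scheme, pub.scheme) == ("http", "https"):
        return "scheme-downgrade"          # the case in this thread
    port = target.port or DEFAULT_PORTS.get(scheme)
    pub_port = pub.port or DEFAULT_PORTS.get(pub.scheme)
    if (scheme, target.hostname, port) == (pub.scheme, pub.hostname, pub_port):
        return "ok"
    return "other-origin"                  # e.g. the backend address leaking out


if __name__ == "__main__":
    print(check_redirect(SAMPLE, "https://thing.domain.com:8070"))
```

Run it against headers captured before and after changing proxy.header; once the remap takes effect the same response should classify as "ok".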
