Hello,
I’m going a bit crazy here and hoping for some help. I’ve set up a new
Mailman installation on FreeBSD. The system is set as follows:
Web ↔ nginx SSL termination and reverse proxy ↔ nginx + fcgiwrap +
Mailman
When I try to access https://lists.mydomain.com or
https://lists.mydomain.com/ it redirects me to
https://lists.mydomain.com:8000/mailman/listinfo which of course fails.
If I access https://lists.mydomain.com/mailman/listinfo directly or any
URL except the main one, it works as expected.
I have tried multiple options including:
port_in_redirect off;
proxy_bind $host:443;
proxy_redirect off;
Nothing seems to be working.
Proxy settings for nginx front end: server
location / {
proxy_pass http://10.0.250.37:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_redirect off;
proxy_set_header Host $host;
[snip]
}
Backend server uses fastcgi for Python via fcgiwrap. Any help would be
appreciated.
–
Jim O.
“Never argue with a fool, onlookers may not be able to tell the
difference.” - Mark Twain
On 21 Apr 2016, at 17:09, Jim O. [email protected] wrote:
I have tried multiple options including:
proxy_set_header X-Real-IP $remote_addr;
Backend server uses fastcgi for Python via fcgiwrap. Any help would be
appreciated.
proxy_redirect on;
–
Igor S.
On 21 Apr 2016, at 17:14, Igor S. [email protected] wrote:
If I access https://lists.mydomain.com/mailman/listinfo directly or any URL
except the main one, it works as expected.
location / {
}
Backend server uses fastcgi for Python via fcgiwrap. Any help would be
appreciated.
proxy_redirect on;
Sorry, no.
proxy_redirect https://lists.mydomain.com:8000/ /;
–
Igor S.
Hello,
On 4/21/16 10:17 AM, Igor S. wrote:
When I try to access https://lists.mydomain.com or https://lists.mydomain.com/
it redirects me to https://lists.mydomain.com:8000/mailman/listinfo which of
course fails.
Proxy settings for nginx front end: server
Same result. I believe I had tried it already. To make certain I wasn’t
seeing a cached response I checked with curl:
curl -I https://lists.mydomain.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.9.14
Date: Thu, 21 Apr 2016 14:34:27 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://lists.mydomain.com:8000/mailman/listinfo
Strict-Transport-Security: max-age=31536000
So it’s actually redirecting to http. I have
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
set on the backend server so this is puzzling.
–
Jim O.
“Never argue with a fool, onlookers may not be able to tell the
difference.” - Mark Twain
On 21 Apr 2016, at 17:41, Jim O. [email protected] wrote:
proxy_redirect off;
proxy_set_header Connection “”;
Sorry, no.
Date: Thu, 21 Apr 2016 14:34:27 GMT
set on the backend server so this is puzzling.
Then you need:
-proxy_redirect https://lists.mydomain.com:8000/ /;
+proxy_redirect http://lists.mydomain.com:8000/ /;
The first parameter should be equal to the beginning
of string in Location header. Also you can specify several
proxy_redirect directives.
–
Igor S.
Hello,
On 4/21/16 10:14 AM, Igor S. wrote:
If I access https://lists.mydomain.com/mailman/listinfo directly or any URL
except the main one, it works as expected.
location / {
}
Backend server uses fastcgi for Python via fcgiwrap. Any help would be
appreciated.
proxy_redirect on;
Thanks, Igor. Now I am getting this error:
nginx: [emerg] invalid parameter “on” in
/usr/local/etc/nginx/sites-enabled/lists.mydomain.com:67
–
Jim O.
“Never argue with a fool, onlookers may not be able to tell the
difference.” - Mark Twain
Hello,
On 4/21/16 10:51 AM, Igor S. wrote:
port_in_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect on;
HTTP/1.1 301 Moved Permanently
fastcgi_param HTTPS on;
of string in Location header. Also you can specify several
proxy_redirect directives.
That worked. Thank you, Igor! It’s good to see you on the English list.
Reminds me of the old days of 0.6.x (OK, not as old as some, but it’s
been awhile).
–
Jim O.
“Never argue with a fool, onlookers may not be able to tell the
difference.” - Mark Twain
On Thu, Apr 21, 2016 at 10:41:24AM -0400, Jim O. wrote:
On 4/21/16 10:17 AM, Igor S. wrote:
On 21 Apr 2016, at 17:09, Jim O. [email protected] wrote:
Hi there,
location / {
proxy_pass http://10.0.250.37:8000;
proxy_set_header Host $host;
proxy_redirect https://lists.mydomain.com:8000/ /;
Same result. I believe I had tried it already. To make certain I
wasn’t seeing a cached response I checked with curl:
curl -I https://lists.mydomain.com
Location: http://lists.mydomain.com:8000/mailman/listinfo
If that is the line that comes back from the proxy_pass’ed server to
nginx, then you want
proxy_redirect http://lists.mydomain.com:8000/ /;
(where the first argument to proxy_redirect is the string that you want
to replace with the second argument, allowing for scheme://host to be
added later.)
If you can do without the “proxy_set_header Host” line, then you can
possibly do without proxy_redirect altogether (as in: use
“proxy_redirect
default;” implicitly).
f
Francis D. [email protected]
Hello,
On 4/21/16 10:55 AM, Francis D. wrote:
proxy_redirect https://lists.mydomain.com:8000/ /;
f
Thanks, Francis. That did work.
–
Jim O.
“Never argue with a fool, onlookers may not be able to tell the
difference.” - Mark Twain