0

We are using nginx as a proxy for a java application (both in docker containers, but that's probably not relevant). When we try to reach the java application via a rest client a specific header, SM_USER gets lost within the proxy-pass. Strange thing is: if we use CURL or PHP Zend Framework or a Firefox rest add-on to do a request the proxy pass configuration works. But if we use a Java Spring rest client or soapUI the header gets lost. If we bypass the proxy it works from Java/soapUI as well.

We use the following nginx configuration:

server {
  listen 80;

  server_name devrest.example.com;
  root /devrestserver;
  underscores_in_headers on;

  location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_request_headers on;
    proxy_pass http://devrest:8080;
  }
}

As you can see we use underscores_in_headers on; and explicitly set proxy_pass_request_headers on; in the configuration.

A tcpdump before nginx takes over shows us the SM_USER header is reaching the server:

GET /resource/RoomType/ HTTP/1.1
    Accept: text/plain, application/json, application/*+json, */*
    Content-Type: application/json
    SM_USER: atnqtjrce0cjfve0fbjbsov2ff
    Accept-Language: de
    User-Agent: Java/1.7.0_71
    Host: devrest.example.com
    Connection: keep-alive

A tcpdump within the docker network (between the nginx proxy and the application) shows that the header dissapeared:

GET /resource/RoomType/ HTTP/1.0
    X-Forwarded-Host: devrest.example.com
    X-Forwarded-Server: devrest.example.com
    X-Forwarded-For: 78.132.28.121
    Host: devrest:8080
    Connection: close
    Accept: text/plain, application/json, application/*+json, */*
    Content-Type: application/json
    Accept-Language: de
    User-Agent: Java/1.7.0_71

I also tried 

proxy_pass_header SM_USER;

as recommended at the following link nginx passing back custom header

and I tried explicitly renaming the header by using the following: 

proxy_set_header X-siteminderuser $http_sm_user;

which worked totally fine when doing the CURL request but didn't show up at all using Java. It seems the SM_USER is filtered out even before $http_... variable takes effect.

If I rename the header in the java rest client and use

proxy_set_header SM_USER $http_x_siteminder_user;

it gets through but unfortunately it is very hard to get this changed in the original java rest client (which is a software from another company), so I would really appreciate any suggestions how I could get the SM_USER header passed through the nginx proxy. Can you help us please.

Community
  • 1
user394331
  • 3
  • 4

1 Answers1

1

Do you have another server section above this?

This thread on the nginx forum suggests that it only pays attention to the underscores_in_headers directive in the first server section.

Nick
  • 149
  • 8
  • 1
    Also appears [in the documentation](http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers). I would advise using the directive at the `http` block level to avoid ambiguity. – Richard Smith Jan 11 '17 at 12:01
  • Thank you both, it works! I really had different server sections using the same directive and sorry that I overlooked that sentence in the docs.. But I don't fully get why it behaved differently whether we used curl or the java engine (and always the same depending on the client we used even on different machines) – user394331 Jan 11 '17 at 14:58
  • That's odd. Perhaps the curl client was hitting the default server block? (using the IP instead of host name? IPv6?). BTW I can see nginx is using HTTP/1.0 for the upstream request, you might get better performance if you force that to be 1.1. – Nick Jan 11 '17 at 17:00