1

Akamai passes the HTTPS request to Nginx and Nginx drops HTTPS from the request as it performs a redirect. Here are the results from curl:

$ curl -v -L https://oursite.com/life/facts-and-arguments/ 2>&1 | egrep "^(<|>) (Host:|Location:|Server:|GET|HTTP)"
> GET /life/facts-and-arguments/ HTTP/1.1
> Host: oursite.com
< HTTP/1.1 301 Moved Permanently
< Server: openresty/1.13.6.1
< Location: http://oursite.com/life/first-person/ #Extra hop we're trying to avoid
> GET /life/first-person/ HTTP/1.1 
> Host: oursite.com
< HTTP/1.1 301 Moved Permanently
< Server: AkamaiGHost
< Location: https://oursite.com/life/first-person/
> GET /life/first-person/ HTTP/1.1
> Host: oursite.com
< HTTP/1.1 200 OK
< Server: openresty/1.13.6.1

Is there any way to have Nginx retain HTTPS while it performs a redirect so it doesn't go through this extra hop? I've tried configs similar to this: Thanks!

location ~ ^(?!(/a/|/b/|/c/))(([^.]*[^/]))$ {
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $host;
    set $redir_location $http_x_forwarded_proto://$host;
    rewrite ^(?!(/a/|/b/|/c/))(([^.]*[^/]))$ $redir_location$2/ permanent;
    }
greenpenguin
  • 13
  • 2

1 Answers1

1

That nginx config block doesn't match your url. [^/]$ means that url shouldn't end with slash, yours does. The http: comes from your end application, probably not from nginx.

A side note. Don't redirect to $http_x_forwarded_proto://$host because you don't know if $http_x_forwarded_proto is set. This part is CDNs responsiblity, they should edit the HTTP 30x Location that you return. Simply make it $scheme://$host$2.

kubanczyk
  • 13,812
  • 5
  • 41
  • 55