NGINX do not pass response header

Question

I have a java spring application running on port 8080, this app should return a header 'x-auth-token', this app run behind nginx reverse proxy.

The application correctly produce the header, When i request directly to it (bypassing nginx):

http://169.54.76.123:8080

it responds with the header in the set of response headers

but when i make the request through the nginx reverse proxy, the header does not appear

https://169.54.76.123

nginx handles ssl termination.

my nginx conf file

upstream loadbalancer {
    server 169.54.76.123:8080 ;
}

server {
    listen      169.54.76.123:80;
    server_name api.ecom.com;
    return 301 https://api.ecom.com$request_uri;
}
server {
    listen 169.54.76.123:443 ssl;
    keepalive_timeout   70;
    server_name api.ecom.com;

    ssl_certificate /etc/ssl/api_chained.cert ;
    ssl_certificate_key /etc/ssl/api.key ;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 SSLv3 SSLv2;
    ssl_ciphers         ALL:!ADH:RC4+RSA:HIGH:!aNULL:!MD5;

    charset utf-8;

    location / {
        proxy_pass http://loadbalancer/$request_uri ;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

The question is: Why nGinx do not pass the 'x-auth-token' to the response?

How to include it into the response?

I tried to get the value in a variable, but it seems that nGinx do not have it:

I used $sent_http_x_auth_token and $upstream_htto_x_auth_token but these variables does not contain any values (i think)

I tried adding the header myself using these variables:

add_header x-auth-token $sent_http_x_auth_token; with no success

also tried:

add_header x-auth-token $upstream_http_x_auth_token; with no success either.

also, I tried:

proxy_pass_header x-auth-token;

with no success

What is the problem? How can i debug it? which part prevents or blocks the 'x-auth-header'? the upstream or the proxy or what?

Thanks for any help

Answer 1

Normally you should have to do anything because nginx does not remove custom headers from the response.

You could use the log_format directive to track the execution of the request, for instance with something like

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent '
                  'X-Auth-Token: "$sent_http_x_auth_token"';

access_log  logs/access.log  main;

in you location context.

When you check, do you get a 200 response code that confirms the request succeeded?

Answer 2

The sent_ prefix should not be there. The correct way to log customer headers is to prefix them with http_ and then write the customer header all lowercase and convert dashes (-) to underscores (_). For example 'Custom-Header' would be http_custom_header

So the correct way to log this is:

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_x_auth_token"';

access_log  logs/access.log  main;

Also please be aware that if your header contains underscores you will need to explicitly allow this by adding this in your nginx config:

underscores_in_headers on

If you want to test your custom header, you can use curl:

curl -v -H "Custom-Header: any value that you want" http://www.yourdomain.com/path/to/endpoint

The -H will add the header and -v will show you both the request and response headers that are sent