Personal tools
You are here: Home Web Reverse Proxy And Cache Setting Nginx http 'X-Forward-*' headers on a reverse proxy
 

Setting Nginx http 'X-Forward-*' headers on a reverse proxy

X-Forward-For

These are notes and a collection of links relating to setting 'X-Forward' headers in a reverse proxy. This was done in response to trying to get the Nuget server plugin working on TeamCity server behind a TLS/SSL reverse proxy.

Example headers for a web site that is is on https, with the content server on http port 8111. Realistically the last few 'X-Forward-*' headers had little benefit.

location / {
  proxy_pass              http://upstream/;
  proxy_set_header        Host               $host;
  proxy_set_header        X-Real-IP          $remote_addr;
  proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Host   $host:443;
  proxy_set_header        X-Forwarded-Server $host;
  proxy_set_header        X-Forwarded-Port   443;
  proxy_set_header        X-Forwarded-Proto  https;
}

 

Catalina

When a Tomcat/servlet service behind a proxy doesn't follow the X-Forward headers, the following overrides in the connector configuration allow it to construct URI/URLs correctly:

<Connector 
        port="8111" protocol="org.apache.coyote.http11.Http11NioProtocol"
        connectionTimeout="60000"
        redirectPort="8543"
        useBodyEncodingForURI="true"
        socket.txBufSize="64000"
        socket.rxBufSize="64000"
        tcpNoDelay="1"
        proxyPort="443"
        proxyName="teamcity.lucidsolutions.co.nz"
        secure="true"
        scheme="https"  />

 

Links

Wikipedia

Stackoverflow

RFC

Misc

Tomcat/Cat

Document Actions