Setting Nginx http 'X-Forward-*' headers on a reverse proxy
X-Forward-For
These are notes and a collection of links relating to setting 'X-Forward' headers in a reverse proxy. This was done in response to trying to get the Nuget server plugin working on TeamCity server behind a TLS/SSL reverse proxy.
Example headers for a web site that is is on https, with the content server on http port 8111. Realistically the last few 'X-Forward-*' headers had little benefit.
location / {
proxy_pass http://upstream/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:443;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto https;
}
Catalina
When a Tomcat/servlet service behind a proxy doesn't follow the X-Forward headers, the following overrides in the connector configuration allow it to construct URI/URLs correctly:
<Connector
port="8111" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="60000"
redirectPort="8543"
useBodyEncodingForURI="true"
socket.txBufSize="64000"
socket.rxBufSize="64000"
tcpNoDelay="1"
proxyPort="443"
proxyName="teamcity.lucidsolutions.co.nz"
secure="true"
scheme="https" />
Links
Wikipedia
- http://en.wikipedia.org/wiki/X-Forwarded-For
- https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Common_non-standard_request_fields
Stackoverflow
- http://stackoverflow.com/questions/13111080/what-is-a-full-specification-of-x-forwarded-proto-http-header
- http://stackoverflow.com/questions/19084340/real-life-usage-of-the-x-forwarded-host-header
RFC
Misc
- http://www.networkinghowtos.com/howto/set-the-x-forwarded-for-header-on-a-nginx-reverse-proxy-setup/
