
I am creating an HTTPS connection to my WAR app on Tomcat (localhost:8080/myApp).

Inside we have an Angular and Java app. I created an nginx config and, after reviewing some similar questions here and here, have this:

server {
    if ($https = "") {
            return 301 https://$host$request_uri;
    }
    listen  80;
    server_name my.app.com www.my.app.com;
    return 404;
}
server {
    server_name my.app.com www.my.app.com;
    access_log /var/log/nginx/expertry-access.log;
    error_log /var/log/nginx/expertry-error.log;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_pass http://localhost:8080/myApp/;
    }

    location /myApp/min {
        alias /var/www/httpdocs/my.app.com/myApp/src/main/resources/static/min/;
    }

    location /assets/ {
        alias /var/www/httpdocs/my.app.com/myApp/src/main/resources/static/assets/;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app.expertry.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.app.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

The trouble is that the my.app.com/login page works fine, but after sending the login form with some credentials I get a 302 redirect to the same page without any response, and nothing happens at the BE or Angular part.

What is wrong? Maybe some header reconfiguration is needed, or something else?

Logs: 302 from the network tab

Request URL: https://my.app.com/login
Request Method: POST
Status Code: 302 Found
Remote Address: 5.189.249.46:64062
Referrer Policy: strict-origin-when-cross-origin
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Mar 2024 13:39:59 GMT
Expires: 0
Location: https://my.app.com/login
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Set-Cookie: JSESSIONID=99630EAB249FF4578E12809749C2C72F; Path=/myApp; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,uk;q=0.6
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 68
Content-Type: application/x-www-form-urlencoded
Cookie: _ga=GA1.2.1925035569.1710852928; _gid=GA1.2.2111176261.1711364383; _gat=1; _ga_K42MQL5WDW=GS1.2.1711373521.7.1.1711373994.0.0.0
Host: my.app.com
Origin: https://my.app.com
Referer: https://my.app.com/login
Sec-Ch-Ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Payload: payload

And after that, 200 OK:

Request URL:
https://my.app.com/login
Request Method:
GET
Status Code:
200 OK
Remote Address:
5.189.249.46:64062
Referrer Policy:
strict-origin-when-cross-origin
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 25 Mar 2024 13:39:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Application-Context: application:prod,git:443
Set-Cookie: JSESSIONID=3055B06B41BDEF5F8BEC05C36279A927; Path=/myApp; HttpOnly
Content-Language: ru-RU
Content-Encoding: gzip
GET /login HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,uk;q=0.6
Cache-Control: max-age=0
Connection: keep-alive
Cookie: _ga=GA1.2.1925035569.1710852928; _gid=GA1.2.2111176261.1711364383; _gat=1; _ga_K42MQL5WDW=GS1.2.1711373521.7.1.1711373994.0.0.0
Host: my.app.com
Referer: https://my.app.com/login
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"

UPD: Locally I tested the app with curl and got a normal response without any 302 loop, just incorrect login and password.

UPD2: During my experiments I dropped all changes from server.xml, and now the redirection loop problem is gone, but this one is still here.

UPD3: To check from the browser I use this code snippet, and the login page works properly as expected:

let formData = new FormData();
formData.append('_csrf:', 'c7db50b5-a653-4f67-8b73-7d79adc52da73');
formData.append('userName', 'sdasd');
formData.append('password', 'sdasd');
formData.append('remember', 'on');

fetch("/login",
    {
        body: formData,
        method: "post"
    })
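The two things a practitioner would check first in the captured 302 above are whether the Set-Cookie Path covers the URL the browser actually requested (a cookie scoped to /myApp is never sent back for /login, so every request starts a fresh session) and whether Location points straight back at the request URL. The script below is an added example, not code from the question; the header values are constructed from the 302 shown above, and the path-match logic follows RFC 6265 section 5.1.4.

```python
"""Diagnose a captured 302 for reverse-proxy session-loss symptoms."""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed from the 302 response headers shown in the question.
REQUEST_URL = "https://my.app.com/login"
RESPONSE_302 = {
    "Location": "https://my.app.com/login",
    "Set-Cookie": "JSESSIONID=99630EAB249FF4578E12809749C2C72F; Path=/myApp; HttpOnly",
}


def default_path(request_path):
    """RFC 6265 5.1.4: the default cookie path when no Path attribute is set."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]


def path_matches(cookie_path, request_path):
    """RFC 6265 5.1.4 path-match: the browser sends the cookie only if True."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def diagnose(request_url, headers):
    """Return a list of human-readable findings for one redirect response."""
    req = urlsplit(request_url)
    findings = []

    jar = SimpleCookie()
    jar.load(headers.get("Set-Cookie", ""))
    for name, morsel in jar.items():
        cpath = morsel["path"] or default_path(req.path)
        if not path_matches(cpath, req.path):
            findings.append(f"cookie {name} has Path={cpath}, which does not cover "
                            f"{req.path}: the browser will not send it back, so "
                            "the session is lost on every request")

    loc = headers.get("Location")
    if loc and urlsplit(loc)[:3] == req[:3]:  # same scheme, host and path
        findings.append(f"Location {loc} is the URL just requested: redirect loop")
    return findings


if __name__ == "__main__":
    for line in diagnose(REQUEST_URL, RESPONSE_302):
        print("FINDING:", line)
```

When the proxied context path (/myApp) differs from the public path, the usual nginx-side remedy is to rewrite the cookie path with proxy_cookie_path (a real ngx_http_proxy_module directive), or to proxy the app under the same path; which applies here is an assumption, since the question does not show the app's own redirect configuration.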
  • Welcome. Are the logs top secret, or do you want to share them with us? ;) Does the app already redirect? If yes, then you have to use HTTPS on the backend
    – djdomi
    Commented Mar 22 at 19:21
  • @djdomi What log do you want to see? Commented Mar 22 at 20:58
  • Access and error logs from both web servers while the issue happens. Mostly I suggest reading How to Ask
    – djdomi
    Commented Mar 22 at 21:28
  • @djdomi I checked the logs and added part of them to the question; if you need more specific info, ask me about that Commented Mar 25 at 11:19
  • The problem is most probably a misconfiguration in your application, which redirects to a different URL than the reverse proxy. Checking the actual 302 responses would help. Commented Mar 25 at 12:58
