Jul 12, 2019

Solved: Odoo redirect loop with nginx SSL


1. proxy mode = true
2. url base = http
3. redirect to logout

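# Any request whose query string contains "redirect=" gets a 301 to the
# logout URL; $args is cleared so the original query string is not appended.
if ($query_string ~ "^(.*)redirect=(.*)$") {
    set $args '';
    rewrite ^(.*)$ https://xxx.com/web/session/logout permanent;
}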
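
Which query strings trigger the rule above, as an added example that is not part of the original post. The sample query strings are constructed, and `WHOLE_PARAM` is an assumed narrower pattern shown only for comparison.

```python
import re

# The pattern from the nginx `if` above. nginx's `~` is a case-sensitive
# regex match against $query_string (the raw, still percent-encoded query).
PAGE_RULE = re.compile(r"^(.*)redirect=(.*)$")

# Assumption (not from the original post): a narrower pattern that only
# fires when `redirect` is a whole parameter name.
WHOLE_PARAM = re.compile(r"(^|&)redirect=")

# Constructed sample query strings.
SAMPLES = [
    "redirect=http%3A%2F%2Fxxx.com",  # the case tested in the post
    "db=prod&redirect=%2Fweb",        # parameter not in first position
    "no_redirect=1",                  # different parameter, same suffix
    "q=redirect=",                    # the text inside another value
    "Redirect=%2Fweb",                # different case
    "debug=1",                        # unrelated
]


def triggers(pattern, query_string):
    """True if nginx would enter the `if` block for this query string."""
    return pattern.search(query_string) is not None


def compare(samples=SAMPLES):
    """Return (query, page_rule_fires, whole_param_fires) per sample."""
    return [(q, triggers(PAGE_RULE, q), triggers(WHOLE_PARAM, q))
            for q in samples]


if __name__ == "__main__":
    for q, page, narrow in compare():
        print(f"{q:32} page_rule={page!s:5} whole_param={narrow}")
```

The page's pattern fires on any query string containing the text `redirect=`, so unrelated parameters that end in that text are also sent to the logout URL.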

test in HTTPS:

curl -v https://xxx.com/web/login?redirect=http%3A%2F%2Fxxx.com
*   Trying 66.96.239.122...
* TCP_NODELAY set
* Connected to xxx.com (66.96.239.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; CN=xxx.com
*  start date: Jun 26 00:51:45 2019 GMT
*  expire date: Jun 26 00:51:45 2020 GMT
*  subjectAltName: host "xxx.com" matched cert's "xxx.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=AlphaSSL CA - SHA256 - G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fe611006400)
> GET /web/login?redirect=http%3A%2F%2Fxxx.com HTTP/2
> Host: xxx.com
> User-Agent: curl/7.54.0
> Accept: */*
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 301 
< server: nginx/1.10.3 (Ubuntu)
< date: Thu, 11 Jul 2019 18:18:56 GMT
< content-type: text/html
< content-length: 194
< location: https://xxx.com/web/session/logout
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< content-security-policy: upgrade-insecure-requests
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>

* Connection #0 to host xxx.com left intact

test in HTTP:

curl -v http://xxx.com/web/login?redirect=http%3A%2F%2Fxxx.com
*   Trying 66.96.239.122...
* TCP_NODELAY set
* Connected to xxx.com (66.96.239.xxx) port 80 (#0)
> GET /web/login?redirect=http%3A%2F%2Fxxx.com HTTP/1.1
> Host: xxx.com
> User-Agent: curl/7.54.0
> Accept: */*
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.10.3 (Ubuntu)
< Date: Thu, 11 Jul 2019 18:27:46 GMT
< Content-Type: text/html
< Content-Length: 194
< Connection: keep-alive
< Location: https://xxx.com/web/session/logout
< Strict-Transport-Security: max-age=2592000
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>

* Connection #0 to host xxx.com left intact
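
The two manual checks above, scripted as an added example (not part of the original post): it parses `curl -v` output and confirms the 301 goes to the fixed logout URL without carrying the client-supplied `redirect` value. The transcripts are constructed by abridging the output shown above; the function names are hypothetical.

```python
import re

# Constructed input: response lines abridged from the two curl -v runs above.
HTTPS_RUN = """\
> GET /web/login?redirect=http%3A%2F%2Fxxx.com HTTP/2
< HTTP/2 301 
< location: https://xxx.com/web/session/logout
< strict-transport-security: max-age=31536000; includeSubdomains; preload
"""
HTTP_RUN = """\
> GET /web/login?redirect=http%3A%2F%2Fxxx.com HTTP/1.1
< HTTP/1.1 301 Moved Permanently
< Location: https://xxx.com/web/session/logout
< Strict-Transport-Security: max-age=2592000
"""

def parse_response(transcript):
    """Return (status, headers) from the '< ' lines of curl -v output."""
    status, headers = None, {}
    for line in transcript.splitlines():
        if not line.startswith("< "):
            continue
        line = line[2:].strip()
        m = re.match(r"HTTP/[\d.]+ (\d{3})", line)
        if m:
            status = int(m.group(1))
        elif ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def check_redirect(transcript, expected="https://xxx.com/web/session/logout"):
    """List the ways a response deviates from the fixed-target 301."""
    status, headers = parse_response(transcript)
    location = headers.get("location", "")
    problems = []
    if status != 301:
        problems.append(f"status {status}, expected 301")
    if location != expected:
        problems.append(f"unexpected Location: {location!r}")
    if "?" in location or "redirect=" in location:
        problems.append("query string carried into Location")
    return problems

def hsts_max_age(transcript):
    """Return the HSTS max-age in seconds, or None if the header is absent."""
    _, headers = parse_response(transcript)
    m = re.search(r"max-age=(\d+)", headers.get("strict-transport-security", ""))
    return int(m.group(1)) if m else None
```

The two runs report different HSTS values; browsers only honour the header when it arrives over HTTPS (RFC 6797), so the value from the port 443 response is the one that takes effect.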






