Question:
I want to configure Nginx reverse proxy server which will redirect all of the requests it gets by HTTP to my AWS Api Gateway endpoint which is HTTPS (its a GET method). (If you want to know why, the reason for this is that I have an AWS Lambda function which I want a 3rd party vendor to call via Api Gateway, but he currently has a bug with ssl_handshake with AWS, probably because of SNI. So I will give him this HTTP proxy server).
I’ve tried something like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
server { listen 80 default_server; listen [::]:80 default_server; server_name MY_SERVER_NAME; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass https://SOMETHING.execute-api.REGION.amazonaws.com/dev/RESOURCE/METHOD; proxy_ssl_server_name on; proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; proxy_buffering off; } } |
But currently I’m getting 403 from CloudFront when I try to call to
|
1 2 |
http://MY_SERVER_NAME |
I feel like I’m missing something in my SSL configurations at Nginx but I’m not sure what.
Answer:
Your issue was that you were setting the HTTP Host header that will be sent to AWS API Gateway to the wrong value.
API Gateway needs the HTTP Host header to be set to its own host, e.g. to SOMETHING.execute-api.REGION.amazonaws.com
So you should have:
|
1 2 |
proxy_set_header Host $proxy_host; |
instead of:
|
1 2 |
proxy_set_header Host $host; |
In fact you don’t have to explicitly set the proxy Host header because, if not set, Nginx will default it to $proxy_host
See Nginx docs on this