Nginx Infinite 302 redirect Loop when using 127.0.0.11 as resolver

  docker, docker-compose, linux, nginx

I have a war spring application which runs on a tomcat application server in a docker container, named ‘wiseportal’. I use docker-compose to run my application. when I request to ‘https://localhost:3456/portal/’ in my browser, I see infinite 302 redirect loop:

nginx_1       | 192.168.32.1 - - [14/May/2021:13:55:54 +0000] "GET /portal HTTP/1.1" 301 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "-"
nginx_1       | 192.168.32.1 - - [14/May/2021:13:55:54 +0000] "GET /portal/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "-"
nginx_1       | 192.168.32.1 - - [14/May/2021:13:56:04 +0000] "GET /portal/login?redirect_url=aHR0cHM6Ly9sb2NhbGhvc3Q6MzQ1Ni9wb3J0YWwv HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "-"
nginx_1       | 192.168.32.1 - - [14/May/2021:13:56:14 +0000] "GET /portal/login?redirect_url=aHR0cHM6Ly9sb2NhbGhvc3Q6MzQ1Ni9wb3J0YWwv HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "-"
nginx_1       | 192.168.32.1 - - [14/May/2021:13:56:24 +0000] "GET /portal/login?redirect_url=aHR0cHM6Ly9sb2NhbGhvc3Q6MzQ1Ni9wb3J0YWwv HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "-"
nginx_1       | 192.168.32.1 - - [14/May/2021:13:56:34 +0000] "GET /portal/login?redirect_url=aHR0cHM6Ly9sb2NhbGhvc3Q6MzQ1Ni9wb3J0YWwv HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "-"

I use below docker-compose to run my web application:

services:
  wiseportal:
    extends:
      file: portal.yml
      service: ${DB_ENGINE}
    hostname: 'wiseportal'
    depends_on:
      portaldb:
        condition: service_healthy
    networks:
      - wisenet

  nginx:
    image: ${DOCKER_MIRROR}/nginx
    hostname: 'nginx'
    ports:
      - 2345:2345
      - 3456:3456
      - 6336:6336
    volumes:
      - ./nginx/conf/default.conf:/etc/nginx/conf.d/default.conf
      - ./nginx/ssl:/etc/nginx/ssl
    depends_on:
      - "wiseportal"
    networks:
      - wisenet

  artemis:
    image: ${DOCKER_MIRROR}/vromero/activemq-artemis
    hostname: 'artemis'
    expose:
      - "61616"
    ports:
      - 61616:61616
    environment:
      DISABLE_SECURITY: 'true'
    networks:
      - wisenet

  portaldb:
    extends:
      file: db.yml
      service: ${DB_ENGINE}
    depends_on:
      - "artemis"
    networks:
      - wisenet

networks:
  wisenet:

My nginx config is:

server {

    listen 3456 ssl;
    listen 6336;

    ssl_certificate /etc/nginx/ssl/self.crt;
    ssl_certificate_key /etc/nginx/ssl/self.key;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location /portal/ {
        resolver 127.0.0.11 valid=10s ipv6=off;
        set $upstreamName http://wiseportal:6335;
        proxy_pass $upstreamName/portal/;
    }

    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_next_upstream timeout;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header oidc_claim_preferred_username "root";

}

When I use proxy_pass like below:

location /portal/ {
        proxy_pass http://wiseportal:6335/portal/;
    }

It works without problem, but as a requirement I need to use 127.0.0.11 resolver.
Thanks for any help.

Source: Docker Questions

LEAVE A COMMENT