We have a Bloomreach deployment on AWS that looks like the following:
External ALB (80/443) → nginx (80/443) → Internal ALB (8080) → Bloomreach HST (8080)
The architecture includes an external ALB (application load balancer) which reverse proxies back to nginx instances. These nginx instances then forward (most) requests back to an internal ALB which in turn proxies requests back to Bloomreach HST instances.
Right now, the Bloomreach instance sees the incorrect value of X-Forwarded-Proto. This is because the Internal ALB overwrites the value of the header to ‘http’, because the internal ALB is configured with HTTP listeners only. It doesn’t appear to be possible to preserve the value of the header using ALBs.
One way to fix this might be to write a servlet filter early in the request cycle to fix the value of the X-Forwarded-Proto before handing off to the Hippo filter chain. We’d have to do that for each instance of Bloomreach.
Another possible fix would be to replace the internal ALB with an NLB (network load balancer), thus stopping it from trying to do anything with HTTP headers. However, using an ALB provides some useful monitoring, so that’s not without consequence.
I wondered if other folk have run into the same problem, and how they’ve solved it?
Also, is there another header I can add to the request using nginx that will take precedence over the overwritten X-Forwarded-Proto header?
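The servlet-filter option described in the post, sketched as an added example that is not part of the original post or of Bloomreach's code. It assumes nginx copies the value it received from the external ALB into a hypothetical header named `X-Original-Forwarded-Proto`, always overwriting any client-supplied copy, that the internal ALB accepts traffic only from nginx, and that the webapp uses the `javax.servlet` API.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example. Map this filter ahead of the Hippo/HST filter so the chain sees the restored value.
// Assumed nginx side: proxy_set_header X-Original-Forwarded-Proto $http_x_forwarded_proto;
public class ForwardedProtoFilter implements Filter {
    private static final String TARGET = "X-Forwarded-Proto";
    private static final String SOURCE = "X-Original-Forwarded-Proto"; // hypothetical header name

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) { chain.doFilter(req, res); return; }
        HttpServletRequest http = (HttpServletRequest) req;
        final String proto = normalize(http.getHeader(SOURCE));
        // No usable value from nginx: leave the request exactly as the internal ALB sent it.
        if (proto == null) { chain.doFilter(req, res); return; }
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public String getHeader(String name) {
                return TARGET.equalsIgnoreCase(name) ? proto : super.getHeader(name);
            }
            @Override public Enumeration<String> getHeaders(String name) {
                return TARGET.equalsIgnoreCase(name)
                        ? Collections.enumeration(Collections.singletonList(proto))
                        : super.getHeaders(name);
            }
        }, res);
    }

    // Accept only the two expected scheme values; anything else is treated as absent.
    static String normalize(String value) {
        if (value == null) return null;
        String s = value.trim().toLowerCase(Locale.ROOT);
        return (s.equals("http") || s.equals("https")) ? s : null;
    }
}
```

The wrapper only changes what header lookups for `X-Forwarded-Proto` return; `getScheme()` and `isSecure()` still reflect the plain-HTTP connection from the internal ALB.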