spring HATEOAS links issue for HTTP and HTTPS

Question

I am using Spring HATEOAS in my web application. My application runs behind a Nginx webserver. I am sending following url with HTTPS header

Answer 1

As you mentioned in the comments your application runs behind a webserver. In this case Nginx.

You are using some sort of

linkTo(methodOn(MyController.class).myMethod(name)).withSelfRel());

to generate links. In this case take a look at ControllerLinkBuilder. As you can see in line 190 Spring HATEOAS builds a link based on the current request. In addition, request header X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Ssl are queried and used if available.

That is what you missed to configure in order to build proper links with Spring HATEOAS.

Because you complain that only https is missing in your links, Nginx already sets X-Forwarded-For but skips X-Forwarded-Proto. I assume that Nginx and your application communicate over http otherwise you wouldn't have trouble. You can ignore X-Forwarded-Ssl. It is only relevant if Nginx and your application talking over https. In that case you wouldn't see any issue either.

Below you find a complete Nginx location block for reference. X-Forwarded-Proto has been set to https in order to inform the proxied system that links have to contain https in any URLs (only if backend system processes aforedmetnioned request header).

location /yourapp {
    proxy_pass http://localhost:8080/yourapp;
    proxy_redirect default;
    proxy_set_header  Host               $http_host;
    proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto  https;
}

For further reading please consult Nginx documentation for the http_proxy_module.