REST API oauth returning 301 when behind nginx reverse proxy


I am running the latest version of Cuba Platform (7.2.13) with REST API addon (7.2.3). I am deploying an uberJar behind an nginx reverse proxy. The basic web site works fine (and has for a long time).

I confirm that web.xml contains com.haulmont.addon.restapi:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<web-app xmlns=""
    <!-- Application properties config files -->
    <!--Application components-->
        <param-value>com.haulmont.cuba com.haulmont.reports com.haulmont.charts de.diedavids.cuba.scheduledreports
            com.haulmont.addon.emailtemplates com.haulmont.addon.restapi</param-value>

Yet, when I try to execute an oauth request, I get a 301 - Moved Permanently error. If I run this same app directly from Studio locally, I can execute the oauth request just fine.

My nginx reverse proxy is very simple:

location /rade-rmbio {
  proxy_pass http://localhost:8160/rade-rmbio;

My uberjar execution command is:

/usr/bin/java -Dapp.home=/opt/app_home/rade-rmbio -DRadeCustomer=rade-rmbio -Dapp.user=***** -Dapp.pwd=****** -agentlib:jdwp=transport=dt_socket,address=8161,server=y,suspend=n -jar /opt/app_home/rade.jar -port 8160 -contextName rade-rmbio

I confirm that app.user and app.pwd are set correctly, of course. The web app works fine. It’s just the REST API that isn’t working.

Here’s the curl command I execute:

curl -s -X POST -H "Content-type: application/x-www-form-urlencoded" -H "Authorization: Basic $auth" -d "grant_type=password&username=****&password=****"

$auth is made by executing this:

export auth=$( echo -n "user:pwd " | base64 -w 0 ) contains:{noop}pwd

(Of course, “user” and “pwd” are not the real ones :wink: )

Here’s the result:

<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>

Any suggestions on where to look to make this work? Is there any other information I need to provide to help debug this?

Where does the site try redirect you to?
301 code isn’t just the 301. It tells where you should go.

Execute curl with -v option to see redirect destination.

AHA! I was not aware of the “-v” to see where the redirection went. We redirect from http to https. My script pointed to http by mistake. The oauth call now works.

Thanks for your help.