Fixing HTTP 307 Redirect Issue in Reverse Proxy Setup
1. Introduction
When setting up a reverse proxy (for example, using Nginx) in front of a backend service like Argo CD or any HTTPS-only application, you might encounter the error:
HTTP/1.1 307 Temporary Redirect Location: https://<backend-ip>:<port>/
This happens when the proxy forwards HTTP traffic to a backend that enforces HTTPS.
As a result, the backend keeps redirecting the request back to HTTPS, creating a continuous redirect loop.
2. Prerequisites
Before starting, make sure:
- You have SSH or console access to your web server.
- Ports 80 and 443 are open and accessible.
- The backend service (e.g., Argo CD) is running and reachable from the proxy server.
- You can test connectivity using:
$curl -IL http://<backend-ip>:<port> # should show 307 redirect$ curl -kIL https://<backend-ip>:<port>/ # should return 200 OK
3. Steps to Resolve
- Identify the cause
The proxy (Nginx) was usinghttp://to communicate with a backend that only supportshttps://.
This mismatch triggers the 307 redirect. - Update the proxy configuration
- Change the proxy URL from
http://<backend-ip>:<port>→https://<backend-ip>:<port>.Ensureproxy_ssl_verify off;if the backend uses a self-signed certificate. Add forwarded headers such as:X-Forwarded-Proto: https X-Forwarded-For: $proxy_add_x_forwarded_for
- Change the proxy URL from
- Reload the proxy service
$sudo nginx -t && sudo systemctl reload nginx - Verify the fix
$curl -IL http://yourdomain.com # should return 301 → https
$curl -IL https://yourdomain.com # should return 200 OK
The site should now open normally without looping redirects.
4. Conclusion
The HTTP 307 Temporary Redirect is not an error—it’s a signal that the backend accepts only HTTPS connections.
The issue occurs when your proxy tries to communicate with the backend over plain HTTP.
By updating the proxy to use HTTPS for backend connections and aligning the protocols, the loop is resolved, and secure communication is established end-to-end.
