Need SSL state to be visible behind a double nginx proxy

Dave Cheney dave at
Thu Nov 6 23:51:06 MSK 2008

On 07/11/2008, at 1:26 AM, Nick Pearson wrote:

> The significance of listening on multiple ports is that the back-end  
> nginx can tell the Rails app that requests to port 4000 server were  
> originally made over http and that requests to port 4001 were  
> originally made over https.  I'll attempt to illustrate here (this  
> won't look right without a fixed-width font).

That shouldn't be necessary,

     proxy_set_header X_FORWARDED_PROTO https;

Is sufficient to tell rails that the request is secure. So this config  
on the backend server should be sufficent

server {
     # backend http
     listen 4000;

     proxy_pass http://rails:3000;


server {
     # backend https
     listen 4001;

     proxy_set_header X_FORWARDED_PROTO https;

     proxy_pass http:/rails:3000;

If the backend nginx will pass X_FORWARDED_PROTO from the front end  
server, the above shouldn't be necessary either.



More information about the nginx mailing list