nginx as backend: handle X-Forwarded-Proto (similar to NginxHttpRealIpModule / X-Real-Ip)
Daniel Hahler
genml at thequod.de
Fri May 7 19:20:53 MSD 2010
For reference, here is my current workaround.
Unfortunately, nobody had commented on the suggestion to handle
X-Forwarded-Proto in nginx. Yet?
set $my_https "off";
In server context:
if ($http_x_forwarded_proto = "https") {
set $my_https "on";
}
Then within location context:
fastcgi_param HTTPS $my_https;
Of course, you have to make sure that only you are setting
X-Forwarded-Proto headers from the frontend into the backend.
Cheers,
Daniel
On Wed, Oct 7, 2009 at 12:59 PM, Daniel Hahler <genml at thequod.de> wrote:
> Hi,
>
> when using nginx as backend, it would be useful to handle
> X-Forwarded-Proto in the same way X-Forwarded-For / X-Real-Ip can be
> handled, e.g.:
>
> frontend:
> proxy_set_header X-Forwarded-Proto $scheme;
>
> backend:
> set_scheme_from 10.122.1.80;
> real_scheme_header X-Forwarded-Proto;
>
>
> E.g. webfaction appears to use X-Forwarded-Ssl instead, which is "on"
> if activated (see http://www.cherrypy.org/changeset/1980).
>
> It would be nice, if nginx would handle "http", "https", "on" and
> "off" as value given in real_scheme_header, or add real_ssl_header to
> handle the "on"/"off"(?) case.
>
> Currently I'm using the following in the backend config, which is good
> enough as workaround, but just using $scheme here is preferred, of
> course:
> if ($http_x_forwarded_proto != "https") {
> rewrite ^(.*)$ https://$server_name$1 permanent;
> }
>
>
> Thanks,
> Daniel
>
> --
> http://daniel.hahler.de/
>
--
http://daniel.hahler.de/
More information about the nginx
mailing list