nginx as backend: handle X-Forwarded-Proto (similar to NginxHttpRealIpModule / X-Real-Ip)
Igor Sysoev
igor at sysoev.ru
Sat May 8 01:11:12 MSD 2010
On Fri, May 07, 2010 at 05:20:53PM +0200, Daniel Hahler wrote:
> For reference, here is my current workaround.
>
> Unfortunately, nobody had commented on the suggestion to handle
> X-Forwarded-Proto in nginx. Yet?
>
>
> set $my_https "off";
>
> In server context:
> if ($http_x_forwarded_proto = "https") {
> set $my_https "on";
> }
>
> Then within location context:
> fastcgi_param HTTPS $my_https;
>
>
> Of course, you have to make sure that only you are setting
> X-Forwarded-Proto headers from the frontend into the backend.
More faster way:
http {
map $http_x_forwarded_proto $https {
default off;
https on;
}
...
fastcgi_param HTTPS $https;
> Cheers,
> Daniel
>
> On Wed, Oct 7, 2009 at 12:59 PM, Daniel Hahler <genml at thequod.de> wrote:
> > Hi,
> >
> > when using nginx as backend, it would be useful to handle
> > X-Forwarded-Proto in the same way X-Forwarded-For / X-Real-Ip can be
> > handled, e.g.:
> >
> > frontend:
> > proxy_set_header X-Forwarded-Proto $scheme;
> >
> > backend:
> > set_scheme_from 10.122.1.80;
> > real_scheme_header X-Forwarded-Proto;
> >
> >
> > E.g. webfaction appears to use X-Forwarded-Ssl instead, which is "on"
> > if activated (see http://www.cherrypy.org/changeset/1980).
> >
> > It would be nice, if nginx would handle "http", "https", "on" and
> > "off" as value given in real_scheme_header, or add real_ssl_header to
> > handle the "on"/"off"(?) case.
> >
> > Currently I'm using the following in the backend config, which is good
> > enough as workaround, but just using $scheme here is preferred, of
> > course:
> > if ($http_x_forwarded_proto != "https") {
> > rewrite ^(.*)$ https://$server_name$1 permanent;
> > }
> >
> >
> > Thanks,
> > Daniel
> >
> > --
> > http://daniel.hahler.de/
> >
>
>
>
> --
> http://daniel.hahler.de/
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list