listen proxy_protocol and rewrite redirect scheme
francis at daoine.org
Fri Sep 16 18:46:56 UTC 2016
On Fri, Sep 16, 2016 at 11:12:16AM -0400, adrhc wrote:
> the browser request (https on 443) is received by sshttp which sends it to
> stunnel:1443 which proxy it to nginx:1080.
> When nginx receives the request it has $scheme = "http"; so, for any rewrite
> with "permanent" or "redirect" the Location header uses "http" while I
> really need "https" scheme.
> Is there any way for forcing nginx to change $scheme according to my will?
> or at least to generate the Location header with no scheme or with my
> desired scheme?
I think that stock nginx does not have a way to do this.
For any "rewrite" that you create, you can explicitly include "https://"
at the start -- but that will not help internally-generated things like
the trailing-slash redirect for directories.
If you want those, and your nginx is not doing its own ssl, I think you
would need a code change to get https: in the Location headers.
Not tested, but I suspect that removing four lines from
src/http/ngx_http_header_filter_module.c so that "*b->last++ ='s';" is
always called, might be enough for your newly-compiled nginx to always
redirect to https.
A proper fix would presumably involve a more general config option so
that it is selectable.
Francis Daly francis at daoine.org
More information about the nginx