php HTTPS $_SERVER variable?

Marcus Clyne maccaday at gmail.com
Sun Aug 16 07:44:56 MSD 2009


Hi,

Ilan Berkner wrote:
> Thanks, I am currently using a shared block for both.
>
> What would be the exact syntax?  I tried different variations with no 
> success :-(.
>
> something like:
>
> if ($server_port = 443)
> {
> fastcgi_param HTTPS on;
> }
>
> looking for confirmation that the above is correct nginx syntax...
The syntax is correct, but it won't do what you expect (probably) and 
isn't the best approach anyway.

A more efficient way would be to add the setting based on the server - 
then the checks are made at conf-read time, rather than at runtime for 
each request.

e.g.

server {
    ...
    listen   443;
    ...
    location   \.php$ {

       include   fastcgi_params;
       fastcgi_param   HTTPS   on;
    }
}

server {
    ...
    listen   80;
    ...
    location   \.php$ {

       include   fastcgi_params;
    }
}

If you have all your fastcgi settings in a separate file (the 
fastcgi_params is just the name I've given to a file with them in, with 
the base as that of your nginx.conf file), then include it, then you'll 
have them all in both locations/servers whilst setting them in one file.

The problem with your if($server_port = 443) ... above is probably that 
you've got it at the server level, not inside your location block.  With 
fastcgi_param's, if you add a new setting in a lower-level block (e.g. a 
location block as opposed to a server block), then all the settings are 
over-ridden and you need to reset them all (hence the best way of doing 
so being to include an external file).

I think that:

location \.php$ {
    if ($server_port = 443) {
       fastcgi_param   HTTPS   on;
       include   fastcgi_params;
    }
}

would work, but it's a very bad way of achieving the above server config.

If you have similar configurations for the SSL/non-SSL server, then put 
the configurations into a separate file/files and include them like above.

Good luck!

Marcus.

>
> On Sat, Aug 15, 2009 at 1:30 PM, Michael Shadle <mike503 at gmail.com 
> <mailto:mike503 at gmail.com>> wrote:
>
>     You only set it in your server block that is for SSL.
>
>     If you use a shared block for both, I'm not sure; perhaps there could
>     be if ($request_port = 80) { } type deal put in?
>
>     On Fri, Aug 14, 2009 at 11:36 PM, Ilan Berkner<iberkner at gmail.com
>     <mailto:iberkner at gmail.com>> wrote:
>     > Some of our software relies on the $_SERVER['HTTPS'] PHP
>     variable to be set
>     > to "on" when accessing pages via https://.  So far  I've found:
>     >
>     > fastcgi_params HTTPS on;
>     >
>     > but this turns it on for all pages, regardless of HTTP or HTTPS
>     request
>     > setting.
>     >
>     > What am I missing?
>     >
>     > When I add the HTTPS on parameter, our code works (i.e. detects
>     HTTPS in
>     > $_SERVER) but for every page, HTTP or HTTPs
>     >
>
>






More information about the nginx mailing list