nginx as backend: handle X-Forwarded-Proto (similar to NginxHttpRealIpModule / X-Real-Ip)

Daniel Hahler genml at thequod.de
Fri May 7 19:20:53 MSD 2010


For reference, here is my current workaround.

Unfortunately, nobody had commented on the suggestion to handle
X-Forwarded-Proto in nginx. Yet?


set $my_https "off";

In server context:
if ($http_x_forwarded_proto = "https") {
    set $my_https "on";
}

Then within location context:
fastcgi_param  HTTPS    $my_https;


Of course, you have to make sure that only you are setting
X-Forwarded-Proto headers from the frontend into the backend.


Cheers,
Daniel

On Wed, Oct 7, 2009 at 12:59 PM, Daniel Hahler <genml at thequod.de> wrote:
> Hi,
>
> when using nginx as backend, it would be useful to handle
> X-Forwarded-Proto in the same way X-Forwarded-For / X-Real-Ip can be
> handled, e.g.:
>
> frontend:
>    proxy_set_header        X-Forwarded-Proto $scheme;
>
> backend:
>    set_scheme_from   10.122.1.80;
>    real_scheme_header     X-Forwarded-Proto;
>
>
> E.g. webfaction appears to use X-Forwarded-Ssl instead, which is "on"
> if activated (see http://www.cherrypy.org/changeset/1980).
>
> It would be nice, if nginx would handle "http", "https", "on" and
> "off" as value given in real_scheme_header, or add real_ssl_header to
> handle the "on"/"off"(?) case.
>
> Currently I'm using the following in the backend config, which is good
> enough as workaround, but just using $scheme here is preferred, of
> course:
>    if ($http_x_forwarded_proto != "https") {
>        rewrite ^(.*)$ https://$server_name$1 permanent;
>    }
>
>
> Thanks,
> Daniel
>
> --
> http://daniel.hahler.de/
>



-- 
http://daniel.hahler.de/



More information about the nginx mailing list