nginx erroneously redirecting to https

Francis Daly francis at
Sat Dec 29 14:27:00 UTC 2012

On Thu, Dec 27, 2012 at 11:27:43AM -0500, Gulaholic wrote:

Hi there,

> I'm starting to figure these all out.
> I think there are problems with these files: function.cms_stylesheet.php and
> function.metadata.php. They are probably conflict with Nginx configuration.

There's not much nginx-specific here. It is pretty much all down to the
application, and how you want to deploy it.

The application seems to be built assuming that some pages will only
be accessed over https. You seem to want to run it without using https
at all.

This apparent conflict must be resolved by you.

If you decide that you want to run with https, then you configure things
one way. If you decide that you want to run the application without https,
then you configure things another way.

The main difference from the nginx side is when you choose to send
"HTTPS on" to the application -- if you choose to run without https,
then you probably want to lie to the application and always say "HTTPS
on". Otherwise, you only send "HTTPS on" when you actually have an
ssl-enabled connection to the browser.

(Note: lying to the application about this strongly suggests that any
security problems that arise are your fault, not the application's.)

> Why the script thinks Nginx configuration ($_SERVER['HTTPS) is on?

In this case, it doesn't. You've not read the correct part of the
application code correctly.

If you can describe what you want nginx to do, someone here may be able
to help you with the nginx configuration.

Francis Daly        francis at

More information about the nginx mailing list