Incorrect redirect protocol when behind a reverse proxy

Jonathan Matthews contact at jpluscplusm.com
Thu Jul 25 10:11:02 UTC 2013


On 24 Jul 2013 23:03, "Glenn Maynard" <glenn at zewt.org> wrote:
>
> Our nginx server is running on Heroku, which proxies SSL.

What does this mean? Do you see SSL traffic, or do you mean heroku
terminates the ssl leaving you with http connections only?

> This mostly works fine, but nginx has one problem with it: since it
thinks the protocol is http, any redirects (such as trailing-slash
redirects) go to http instead of https.

Show us some config that generates these redirects.

> The usual fix for this is X-Forwarded-Proto, but nginx doesn't support
that yet

That doesn't make sense to me. What is there to support? You can just write
your redirect directives using X-F-P instead of hard coding the scheme.

> and I haven't found any way to configure it, eg. a configuration
directive to override the protocol.
> Nginx seems to decide whether redirects should go to http or https
entirely based on whether the connection has an SSL context associated
(ngx_http_header_filter), so it doesn't look like there's any way to affect
this in configuration.

You've gone into the code far too early IMHO. There's usually a way to
change nginx's behaviour in config.
>
> Is there any workaround?

Do all requests have x-f-p? 100%? Then just change your redirects to
reference it.

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130725/9c981d7a/attachment-0001.html>


More information about the nginx mailing list