listen proxy_protocol and rewrite redirect scheme

Francis Daly francis at daoine.org
Sat Sep 17 12:22:28 UTC 2016


On Sat, Sep 17, 2016 at 03:11:20AM -0400, adrhc wrote:

Hi there,

> Oh, and I only want this change to apply to servers with "listen ...
> proxy_protocol" but not otherwise ...

That makes the initial code-change suggestion (where *all* adjusted
Location: headers would be https) insufficient.

If you decide that you want to provide the code to allow this feature,
then it might still be a useful first step, to learn whether that one
change is enough to have the desired output.

After that, you can worry about how best you should set your configuration
to enable it selectively.

Note that http://nginx.org/r/listen suggests that proxy_protocol is a
parameter to the listen directive, which suggests that you could have both

  listen 8000;
  listen 8001 proxy_protocol;

in the same server{} block; so whatever configuration you choose may need
to distinguish between "do https redirect here", and "do https redirect
here only if proxy_protocol was used".

(I have not used proxy_protocol, just read those docs.)

That is not impossible, but is another wrinkle that would have to be
designed correctly for if the patch were to be accepted into stock nginx,
I suspect.

Of course, if you are carrying your own patch, you don't have to care
whether it is acceptable to anyone else. So -- if you know that your
server{}s will either have proxy_protocol on all listen:s or on none,
then you could patch things so that the https redirection is just
configured per-server.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


