listen proxy_protocol and rewrite redirect scheme
Francis Daly
francis at daoine.org
Tue Sep 20 19:37:04 UTC 2016
On Sat, Sep 17, 2016 at 03:41:34PM -0400, adrhc wrote:
Hi there,
> The final working setup:
>
> src/http/ngx_http_header_filter_module.c:
> #if (NGX_HTTP_SSL)
> if (c->ssl || port == 443) {
> *b->last++ ='s';
> }
> #endif
This will work in your circumstances -- you compile with ssl (although
you don't appear to use it); and your proxy_protocol means that "port"
is presented as 443.
So you should be able to carry this patch for as long as you need it.
It won't work in general, because of the various circumstances and lack
of configurability. But that's not a problem here :-)
> In order to work nginx needs this config:
> server {
> listen 127.0.0.1:443 proxy_protocol;
> port_in_redirect on;
I'm not sure why the port_in_redirect in redirect should be needed;
but you've tested it and it works as-is, so can be left that way.
> fastcgi_params:
> fastcgi_param HTTPS "on";
> fastcgi_param SERVER_PORT "443";
"HTTPS" tells php to ensure that links are to the https url; I would have
thought that SERVER_PORT would have been handled by the proxy_protocol
thing. But again: this works for you, and that is what matters here.
Good that you found a solution, and thanks for sharing it so that those
who search the archive have something to refer to.
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list