listen proxy_protocol and rewrite redirect scheme

Francis Daly francis at daoine.org
Wed Sep 21 16:43:01 UTC 2016


On Wed, Sep 21, 2016 at 03:25:04AM -0400, adrhc wrote:

Hi there,

> Indeed the solution might look strange but it works (test it with e.g. https
> or http ://adrhc.go.ro/ffp).

It is good that it works.

The http redirect there does not include the port; the https redirect
does include the port, and it is the default port for https.

I'm just a bit surprised that "port_in_redirect off" does not also
work. But that's ok -- I'm often surprised.

> Would be nicer if would exists a variable like let's say $override_ssl which
> to force nginx consider it run a ssl request with all the consequences.

That variable will probably only exist after someone shows a need for it,
and after someone does the work to write the code.

I think that your use case is reasonable -- hide nginx-doing-http
behind an external ssl terminator -- but I don't know what is the set
of conditions under which you would want this ssl-rewrite to happen,
and how you would go about configuring that.

(You want it sort-of per-server, but not really, since you only want
it if proxy_protocol is in use and indicates that the initial request
was https.)

It looks like nobody else has had that particular use case, and was
willing to put the effort in to make it an nginx configurable.

> Again I thank you for your support.

You're welcome. The patch you have, you can carry for as long as you need,
so it not being added to stock nginx should not block you at all.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list