Hi,
when using nginx as backend, it would be useful to handle
X-Forwarded-Proto in the same way X-Forwarded-For / X-Real-Ip can be
handled, e.g.:
frontend:
proxy_set_header X-Forwarded-Proto $scheme;
backend:
set_scheme_from 10.122.1.80;
real_scheme_header X-Forwarded-Proto;
E.g. webfaction appears to use X-Forwarded-Ssl instead, which is “on”
if activated (see Magazine de Communication Entreprises : Gagner en visibilité sur Internet).
It would be nice, if nginx would handle “http”, “https”, “on” and
“off” as value given in real_scheme_header, or add real_ssl_header to
handle the “on”/“off”(?) case.
Currently I’m using the following in the backend config, which is good
enough as workaround, but just using $scheme here is preferred, of
course:
if ($http_x_forwarded_proto != “https”) {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
Thanks,
Daniel