From 16c9853dc22ce2d3ebe3a6d0afdb631620cac79e Mon Sep 17 00:00:00 2001 From: Konstantin L Date: Thu, 11 Feb 2016 23:54:32 +0300 Subject: [PATCH] Set appropriate X-Forwarded-Ssl header. --- README.md | 1 + nginx.tmpl | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 282010d..18e6fa3 100644 --- a/README.md +++ b/README.md @@ -226,6 +226,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl; proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; # Mitigate httpoxy attack (see README for details) diff --git a/nginx.tmpl b/nginx.tmpl index 20688da..3c6d4fc 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -38,6 +38,12 @@ map $http_upgrade $proxy_connection { '' close; } +# Set appropriate X-Forwarded-Ssl header +map $scheme $proxy_x_forwarded_ssl { + default off; + https on; +} + gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; log_format vhost '$host $remote_addr - $remote_user [$time_local] ' @@ -58,6 +64,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl; proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; # Mitigate httpoxy attack (see README for details)