Skip to content

Commit 993ce37

Browse files
MansourMMansourM
committed
🔼 added $resolved_proto map
 to ensure that the X-Forwarded-Proto and X-Forwarded-Scheme headers reflect the most accurate protocol. The resolved_proto variable prioritizes the X-Forwarded-Proto header (set by sources like Cloudflare or AWS) and falls back to $scheme when unavailable, then this value is used to set Scheme and Proto instead of $scheme
1 parent ec12d8f commit 993ce37

File tree

4 files changed

+13
-5
lines changed

4 files changed

+13
-5
lines changed

backend/templates/_location.conf

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@
22
{{ advanced_config }}
33

44
proxy_set_header Host $host;
5-
proxy_set_header X-Forwarded-Scheme $scheme;
6-
proxy_set_header X-Forwarded-Proto $scheme;
5+
proxy_set_header X-Forwarded-Scheme $resolved_proto;
6+
proxy_set_header X-Forwarded-Proto $resolved_proto;
77
proxy_set_header X-Forwarded-For $remote_addr;
88
proxy_set_header X-Real-IP $remote_addr;
99

backend/templates/_resolved_proto_map.conf

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# Resolve the effective protocol: use X-Forwarded-Proto if set
2+
# (e.g., from proxies like Cloudflare or AWS)
3+
# otherwise fall back to the current scheme.
4+
map $http_x_forwarded_proto $resolved_proto {
5+
default $scheme;
6+
~.+ $http_x_forwarded_proto;
7+
}

backend/templates/proxy_host.conf

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@
44

55
{% include "_hsts_map.conf" %}
66

7+
{% include "_resolved_proto_map.conf" %}
8+
79
server {
810
set $forward_scheme {{ forward_scheme }};
911
set $server "{{ forward_host }}";

docker/rootfs/etc/nginx/conf.d/include/proxy.conf

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,7 @@
11
add_header X-Served-By $host;
22
proxy_set_header Host $host;
3-
proxy_set_header X-Forwarded-Scheme $scheme;
4-
proxy_set_header X-Forwarded-Proto $scheme;
3+
proxy_set_header X-Forwarded-Scheme $resolved_proto;
4+
proxy_set_header X-Forwarded-Proto $resolved_proto;
55
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
66
proxy_set_header X-Real-IP $remote_addr;
77
proxy_pass $forward_scheme://$server:$port$request_uri;
8-

0 commit comments

Comments
 (0)