On Thu, Dec 6, 2012 at 7:56 AM, Maxim Khitrov <[email protected]> wrote:
> Found a way around the problem with the following nginx configuration:
>
> location / {
> proxy_pass http://localhost:8080/;
> proxy_redirect http:// https://;
>
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> sub_filter http://<server_name> https://<server_name>;
> }
>
> Replace "<server_name>" in the sub_filter line, the variable
> $server_name doesn't seem to be working. This trick requires you to
> have the ngx_http_sub_module compiled:
>
> http://nginx.org/en/docs/http/ngx_http_sub_module.html
>
> A cleaner solution would be better, but I guess this will do for now.
>
> - Max
Ignore all of this, simply using "proxy_set_header HTTPS on;" is the
clean solution that I was looking for. While I was digging through the
cgi.c source, I also made a 2-line modification that allows for proper
handling of the X-Real-IP header. Would it be possible to get this
patch into the main tree?
- Max
--- src/cgi.c.orig 2012-12-06 13:07:39.000000000 -0500
+++ src/cgi.c 2012-12-06 13:07:44.000000000 -0500
@@ -1212,6 +1212,8 @@
#endif
}else if( fossil_strcmp(zFieldName,"user-agent:")==0 ){
cgi_setenv("HTTP_USER_AGENT", zVal);
+ }else if( fossil_strcmp(zFieldName,"x-real-ip:")==0 ){
+ cgi_replace_parameter("REMOTE_ADDR", mprintf("%s",zVal));
}
}
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
