I've followed the tutorials to configure nginx so that the app server
can determine whether the client is connected via https. The header
does not appear to be working, though. My nginx.conf file is attached
below. I'm trying to access the variable using: $_SERVER
['HTTP_HTTPS'] and it is always empty no matter whether the site is in
https or http mode. I've printed out all the server variables to make
sure it isn't hiding in there somewhere, but no dice. Anyone know
what I'm doing wrong? I need to know whether I'm in https so I can
serve up secure versions of my scripts.
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 30;
tcp_nodelay on;
include /etc/nginx/app-servers.include;
server {
listen 80;
if ( $remote_addr = 127.0.0.1 ) {
rewrite ^(.*)$ /500.html last;
return 302;
}
location / {
rewrite ^/my-account(.*) https://www.mysite.com/my-account$1
permanent;
rewrite ^/login(.*) https://www.mysite.com/login$1 permanent;
rewrite ^/administrator(.*) https://www.mysite.com/administrator$1
permanent;
proxy_pass http://backend;
proxy_buffering on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
error_page 500 501 = /500.html;
error_page 502 503 504 = /502.html;
error_page 404 = /404.html;
}
location /500.html {
root /var/www/nginx-default;
}
location /502.html {
root /var/www/nginx-default;
}
location /404.html {
root /var/www/nginx-default;
}
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/certs/www.mysite.com.cert;
ssl_certificate_key /etc/nginx/certs/www.mysite.com.key;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:!RC4+RSA:+HIGH:+MEDIUM:!LOW:!
SSLv2:!EXP;
ssl_prefer_server_ciphers on;
location /my-account {
proxy_pass http://backend;
proxy_buffering on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header HTTPS on;
error_page 500 501 = /500.html;
error_page 502 503 504 = /502.html;
error_page 404 = /404.html;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 15;
proxy_intercept_errors on;
}
location /login {
proxy_pass http://backend;
proxy_buffering on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header HTTPS on;
error_page 500 501 = /500.html;
error_page 502 503 504 = /502.html;
error_page 404 = /404.html;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 15;
proxy_intercept_errors on;
}
location /administrator {
proxy_pass http://backend;
proxy_buffering on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header HTTPS on;
error_page 500 501 = /500.html;
error_page 502 503 504 = /502.html;
error_page 404 = /404.html;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 15;
proxy_intercept_errors on;
}
location /info-pages {
rewrite ^/(.*) http://www.mysite.com/$1 permanent;
}
}
}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"scalr-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/scalr-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
