Nginx – HTTPS variable in $_SERVER using nginx as reverse proxy

apache-2.2drupalhttpsnginxreverse-proxy

I'm using nginx as a reverse proxy in front of an apache with mod_php. My site is on https, and it would require the variable $_SERVER['HTTPS'] to be set 'on' to assemble some of the links correctly. My site is on drupal, so it is not an option to fix the code and check an other variable when deciding if the site runs under https.

Is there a way to fix the issue only with tweaking the nginx or apache configuration?

I found other people asking similar questions, but I did not found a solution that suits me, neither a clear statement that what I want is not possible.

(e.g.: HTTPS server/php variable not available,
Nginx : strip header on HTTP, add header on HTTPS)

Best Answer

You can use a directive SetEnv HTTPS "on" in Apache main configuration or in .htaccess to set the required variable to on unconditionally.

Or better - set it only if client address equals the address of Nginx frontend. In this case the variable won't be set if clients request Apache directly without SSL:

SetEnvIf Remote_Addr "NGINX_IP_ADDRESS" HTTPS=on

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

NGINX Reverse Proxy – URL Rewrite

Any redirect to localhost doesn't make sense from a remote system (e.g. client's Web browser). So the rewrite flags permanent (301) or redirect (302) are not usable in your case.

Please try following setup using a transparent rewrite rule:

location  /foo {
  rewrite /foo/(.*) /$1  break;
  proxy_pass         http://localhost:3200;
  proxy_redirect     off;
  proxy_set_header   Host $host;
}

Use curl -i to test your rewrites. A very subtle change to the rule can cause nginx to perform a redirect.

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

NGINX Reverse Proxy – URL Rewrite

Related Topic