mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-02-12 13:42:57 +00:00
187d21a0d5
When Nginx is behind another proxy server (like CloudFlare or AWS ALB), the force-SSL feature can cause redirect loops because Nginx sees the connection as plain HTTP while SSL is already handled upstream. This adds a new boolean option to trust the X-Forwarded-Proto header from upstream proxies. Changes: - Add `trust_forwarded_proto` column to proxy_host table (migration) - Update model and API schema to support the new boolean field - Modify force-ssl Nginx template to check X-Forwarded-Proto/X-Forwarded-Scheme - Add map directives in nginx.conf to validate and sanitize forwarded headers - Add advanced option toggle in frontend UI with i18n support (EN/ZH) - Set proxy headers from validated map variables instead of $scheme This allows administrators to control SSL redirect behavior when Nginx is deployed behind a TLS-terminating proxy.
30 lines
598 B
Plaintext
30 lines
598 B
Plaintext
set $test "";
|
|
if ($scheme = "http") {
|
|
set $test "H";
|
|
}
|
|
if ($request_uri = /.well-known/acme-challenge/test-challenge) {
|
|
set $test "${test}T";
|
|
}
|
|
|
|
# Check if the ssl staff has been handled
|
|
set $test_proto "";
|
|
if ($trust_forwarded_proto = T){
|
|
set $test_proto "${test_proto}T";
|
|
}
|
|
if ($http_x_forwarded_proto = "https") {
|
|
set $test_proto "${test_proto}S";
|
|
}
|
|
if ($http_x_forwarded_scheme = "https") {
|
|
set $test_proto "${test_proto}S";
|
|
}
|
|
if ($test_proto = "TSS") {
|
|
set $test_proto "TS";
|
|
}
|
|
if ($test_proto = "TS") {
|
|
set $test "${test}S";
|
|
}
|
|
|
|
if ($test = H) {
|
|
return 301 https://$host$request_uri;
|
|
}
|