mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-02-11 21:22:57 +00:00
187d21a0d5
When Nginx is behind another proxy server (like CloudFlare or AWS ALB), the force-SSL feature can cause redirect loops because Nginx sees the connection as plain HTTP while SSL is already handled upstream. This adds a new boolean option to trust the X-Forwarded-Proto header from upstream proxies. Changes: - Add `trust_forwarded_proto` column to proxy_host table (migration) - Update model and API schema to support the new boolean field - Modify force-ssl Nginx template to check X-Forwarded-Proto/X-Forwarded-Scheme - Add map directives in nginx.conf to validate and sanitize forwarded headers - Add advanced option toggle in frontend UI with i18n support (EN/ZH) - Set proxy headers from validated map variables instead of $scheme This allows administrators to control SSL redirect behavior when Nginx is deployed behind a TLS-terminating proxy.
31 lines
630 B
JavaScript
31 lines
630 B
JavaScript
import { migrate as logger } from "../logger.js";
|
|
|
|
const migrateName = "redirect_auto_scheme";
|
|
|
|
/**
|
|
* Migrate
|
|
*
|
|
* @see http://knexjs.org/#Schema
|
|
*
|
|
* @param {Object} knex
|
|
* @returns {Promise}
|
|
*/
|
|
const up = function (knex) {
|
|
return knex.schema.alterTable('proxy_host', (table) => {
|
|
table.tinyint('trust_forwarded_proto').notNullable().defaultTo(0);
|
|
});
|
|
};
|
|
|
|
/**
|
|
* Undo Migrate
|
|
*
|
|
* @param {Object} knex
|
|
* @returns {Promise}
|
|
*/
|
|
const down = function (knex) {
|
|
return knex.schema.alterTable('proxy_host', (table) => {
|
|
table.dropColumn('trust_forwarded_proto');
|
|
});
|
|
};
|
|
|
|
export { up, down }; |