From db562dbf1100da0bf4f6c0fbc4c9d56c6501c134 Mon Sep 17 00:00:00 2001 From: James Tanner Date: Thu, 25 Apr 2024 16:29:35 -0400 Subject: [PATCH] Use the upstream x-forwarded-proto header if possible. No-Issue Signed-off-by: James Tanner --- galaxy_ng/app/webserver_snippets/nginx.conf | 2 +- profiles/base/nginx/nginx.conf.j2 | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/galaxy_ng/app/webserver_snippets/nginx.conf b/galaxy_ng/app/webserver_snippets/nginx.conf index 1a9011cd50..ac8ba39675 100644 --- a/galaxy_ng/app/webserver_snippets/nginx.conf +++ b/galaxy_ng/app/webserver_snippets/nginx.conf @@ -11,7 +11,7 @@ location /ui/ { location /api/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $x_forwarded_proto_header; proxy_set_header Host $http_host; # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. diff --git a/profiles/base/nginx/nginx.conf.j2 b/profiles/base/nginx/nginx.conf.j2 index 1c159f617d..c49c24ecb4 100644 --- a/profiles/base/nginx/nginx.conf.j2 +++ b/profiles/base/nginx/nginx.conf.j2 @@ -29,6 +29,11 @@ http { server 127.0.0.1:24817; } + map $http_x_forwarded_proto $x_forwarded_proto_header { + default $http_x_forwarded_proto; + "" $scheme; # If the header is empty or not present, use the current scheme + } + server { # Gunicorn docs suggest the use of the "deferred" directive on Linux. {% if https | default(false) -%}