From dba1bf66001133564d11d4b96a2a08cfbf154c5c Mon Sep 17 00:00:00 2001 From: Cyrill Troxler Date: Tue, 30 Jan 2024 14:37:46 +0100 Subject: [PATCH] fix: disable absolute redirects nginx will automatically redirect to paths with a trailing slash it is missing. But this lead to issues where nginx would redirect from HTTPS back to HTTP if it's running behind a proxy which already terminates TLS. As a workaround we configure nginx to do relative redirects that don't contain the scheme. --- assets/default.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/assets/default.conf b/assets/default.conf index 4ee17bd..388c5f7 100644 --- a/assets/default.conf +++ b/assets/default.conf @@ -193,6 +193,10 @@ $(( end )) # Specify files sent to client if specific file not requested (e.g. # GET www.example.com/). NGINX sends first existing file in the list. index index.html index.htm Default.htm; + + # this fixes cases where nginx would redirect https://whatever/path to + # http://whatever/path/ when behind a TLS terminating proxy. + absolute_redirect off; } $((- if .LastModifiedValue ))