Nginx: Detect HTTPS connection using a header
On my load balancer I terminate HTTPS connections with Nginx and then proxy the request to one of the web servers which are also backed by Nginx.
On the load balancer in fastcgi_params I have:
fastcgi_param HTTPS $https;
On the web servers there is a site that can only be accessed by HTTPS. How can I detect if the HTTPS param is set and if not redirect to the secure version of the site?
If I understand you correctly, your setup is something like this:
client -(http/https)-> nginx(front) -(http)-> nginx(back) -(fastcgi)-> app
There are actually 3 different places where redirection could be done:
On your front Nginx server, you can just do redirection when needed:
if ( $https != 'on' ) {
return 301 https://$host$request_uri;
}
If you cannot do this on the front Nginx server, you have to carry information on used protocol to back Nginx instance. Usual way is use of X-Forwarded-Proto header. You should add in appropriate place on your front Nginx server:
proxy_set_header X-Forwarded-Proto $scheme;
Then, you can make redirection in back Nginx server:
if ( $http_x_forwarded_proto != 'https' ) {
return 301 https://$host$request_uri;
}
Obviously, you could handle redirection inside app as well. You should have X-Forwarded-Proto header available in app, or you could set it as fastcgi param:
Somewhere in http {}
map $http_x_forwarded_proto $fe_https {
default off;
https on;
}
And extra mapping:
fastcgi_param HTTPS $fe_https;
Personally, I think that redirection should be done as early in a chain as plausible.