Reputation: 1
We have had this issue for ages now, and it's starting to bite us in the ass. We run a site for a client written in Python on the Django framework. We then use nginx as a web server/proxy for Django. This is usually the most standard setup and works well.
The issue is that our client has another Apache server higher up. That server handles the SSL termination and just passes requests to us via normal HTTP. The Apache server accepts both HTTP and HTTPS on two domain names.
We can easily rewrite HTTP to HTTPS at the nginx level, but the issue is that a user can remove the https and just use http.
Is there a way, at the nginx level, to force users back to https://secure.example.com if they are on http://secure.example.com?
Thanks
Upvotes: 0
Views: 150
Reputation: 49772
The usual technique is for the proxy handling SSL termination to add an X-Forwarded-Proto header. The upstream application can then conditionally redirect when entering a secure area.
With nginx this could be accomplished using a map:
map $http_x_forwarded_proto $insecure {
    default 1;    # no header, or any value other than "https": treat as plain http
    https   0;    # the terminating proxy reported that the client used https
}

server {
    ...
    # redirect when the original client request was not https
    if ($insecure) {
        return 301 https://$host$request_uri;
    }
    ...
}
Upvotes: 1
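The answer above also mentions letting the upstream application do the conditional redirect. The following is an added example, not code from the question or the answer: a small WSGI middleware that performs the same X-Forwarded-Proto check in Python. It adds two checks a practitioner would want with either the nginx map or an application-level redirect: the header is only honoured when the request comes from the proxy's own address (anyone who can reach nginx or the app directly over plain HTTP could otherwise send `X-Forwarded-Proto: https` and skip the redirect), and the Host header is validated before it is reflected into the Location URL (the nginx rule echoes `$host`, so an unchecked Host turns the redirect into an open redirect). The proxy addresses in `TRUSTED_PROXIES`, the hostnames in `ALLOWED_HOSTS`, and the `make_environ` sample requests are all constructed assumptions.

```python
# Added example (not from the original post): a WSGI middleware that does the
# X-Forwarded-Proto redirect in the upstream Python application instead of in
# nginx. Proxy addresses, hostnames and sample requests below are assumptions.
from urllib.parse import quote

# Assumption: the address(es) the Apache SSL terminator connects from. The
# header is only honoured from these peers; from anyone else it is ignored.
TRUSTED_PROXIES = frozenset({"10.0.0.5", "127.0.0.1"})

# Assumption: hostnames this site answers for. The redirect reflects the Host
# header, so an unchecked Host would let an attacker pick the redirect target.
ALLOWED_HOSTS = frozenset({"secure.example.com", "www.example.com"})


def is_secure(environ, trusted_proxies=TRUSTED_PROXIES):
    """True only if the original client connection was HTTPS."""
    if environ.get("wsgi.url_scheme") == "https":
        return True  # TLS was terminated by this server itself
    if environ.get("REMOTE_ADDR") not in trusted_proxies:
        return False  # a forwarded header from an untrusted peer is ignored
    # If several proxies appended values, the first one is the client-facing hop.
    proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0]
    return proto.strip().lower() == "https"


def https_redirect_url(environ):
    """Equivalent of nginx's https://$host$request_uri for a WSGI environ."""
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
    url = "https://%s%s" % (host, path)
    if environ.get("QUERY_STRING"):
        url += "?" + environ["QUERY_STRING"]
    return url


class ForceHTTPS:
    """Redirect plain-HTTP requests to HTTPS; reject unknown Host headers."""

    def __init__(self, app, trusted_proxies=TRUSTED_PROXIES,
                 allowed_hosts=ALLOWED_HOSTS):
        self.app = app
        self.trusted_proxies = trusted_proxies
        self.allowed_hosts = allowed_hosts

    def __call__(self, environ, start_response):
        host = (environ.get("HTTP_HOST") or environ.get("SERVER_NAME", ""))
        if host.split(":")[0] not in self.allowed_hosts:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"Bad Host header\n"]
        if not is_secure(environ, self.trusted_proxies):
            location = https_redirect_url(environ)
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)


def hello_app(environ, start_response):
    """Stand-in for the Django WSGI application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secure area\n"]


def run(app, environ):
    """Drive a WSGI app with one environ; returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


def make_environ(host, path, query="", proto=None, remote_addr="10.0.0.5"):
    """Constructed sample request as it arrives from the proxy over plain HTTP."""
    environ = {
        "REQUEST_METHOD": "GET", "wsgi.url_scheme": "http",
        "HTTP_HOST": host, "SERVER_NAME": host, "SCRIPT_NAME": "",
        "PATH_INFO": path, "QUERY_STRING": query, "REMOTE_ADDR": remote_addr,
    }
    if proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = proto
    return environ


if __name__ == "__main__":
    app = ForceHTTPS(hello_app)
    # Client used http:// at Apache: redirected to the https URL.
    print(run(app, make_environ("secure.example.com", "/account/", "tab=1", proto="http")))
    # Client used https://: request reaches the application.
    print(run(app, make_environ("secure.example.com", "/account/", proto="https")))
    # Spoofed header from a peer that is not the proxy: still redirected.
    print(run(app, make_environ("secure.example.com", "/", proto="https", remote_addr="203.0.113.9")))
    # Unknown Host: rejected rather than reflected into a redirect.
    print(run(app, make_environ("evil.example.net", "/", proto="http")))
```

The same two checks apply to the nginx map in the answer: make sure the `X-Forwarded-Proto` value can only originate from the Apache terminator (for example by listening only on an address that Apache alone can reach), and restrict `$host` by giving the `server` block explicit `server_name` entries rather than a catch-all. In Django itself this logic is already available through `SecurityMiddleware` with `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")`, `SECURE_SSL_REDIRECT = True` and `ALLOWED_HOSTS`.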