Support X-Forwarded-Proto or similar when operating as a backend behind a SSL terminator
|Reported by:||Tiernan Messmer||Owned by:|
|nginx -V:||nginx version: nginx/1.6.2|
Currently there is no way to override $scheme and $https variables when operating as a backend server behind a SSL terminator.
Most issues can be worked around by hardcoding https or referring to a x-forwarded-proto variable in rewrites/etc instead of $scheme, but this does not work for nginx initiated redirects (such as when adding a trailing slash) and also complicated configuration (possibly many lines need changing just to move ssl to a terminating device).
There are two ways I can see this being resolved, one by allowing inclusion of the scheme in the server_name option (or as a separate server_scheme option or similar) which is the route Apache takes (see http://httpd.apache.org/docs/2.2/mod/core.html#servername for more info)
The other option would be handling it similar to how the realip module handles setting the client address, but this lacks the option to hardcode it to always be https if no suitable upstream header is available.