nginx $scheme variable behind load balancer

svestka picture svestka · Jan 20, 2014 · Viewed 8.9k times · Source

Is it possible to force nginx $scheme value to "https" if nxinx is running behind load balancer?

In my scenario Load balancer takes care of https communication with client and forwards requests to nginx as raw http. I know I can do something like this to detect https

set $my_scheme "http";
if ($http_x_forwarded_proto = "https") {
    set $my_scheme "https";
}  

but I'm just curious if there is something like real_ip_header function for IPs.

Are there also some headers I need to update when detecting https manualy?

Answer

gmcnaughton picture gmcnaughton · Feb 20, 2014

Our setup is the same as yours, only using map instead of if/set (as recommended by the nginx devs).

# Sets a $real_scheme variable whose value is the scheme passed by the load
# balancer in X-Forwarded-Proto (if any), defaulting to $scheme.
# Similar to how the HttpRealIp module treats X-Forwarded-For.
map $http_x_forwarded_proto $real_scheme {
  default $http_x_forwarded_proto;
  ''      $scheme;
}

P.S. I agree, a real_scheme module would be nice!