Reverse SSL Proxy: NGINX in front of NGINX and Joomla

Question

My question is similar to this one, except that I have another nginx server behind the frontend nginx ssl proxy server:

--------------------------        --------------------------------       ----------
| nginx: https://bla.com | -----> | nginx: http://localhost:8080 | ----> | Joomla |
--------------------------        --------------------------------       ----------

Is there a similar option to SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on in nginx?

Currently I have the problem, that static content such as javascript and css files are not served.

Configuration on frontend nginx proxy:

server {
  listen 443;
  listen [::]:443 ipv6only=on;
  server_name bla.com;

  // cut ssl settings

  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    # Fix the “It appears that your reverse proxy set up is broken" error.
    proxy_pass          http://localhost:8080;
    proxy_read_timeout  90;
    proxy_redirect  http://localhost:8080 https://bla.com;
  }
}

server {
  listen 80;
  listen [::]:80 ipv6only=on;
  server_name bla.com www.bla.com;
  return 301 https://bla.com$request_uri;
}

As I understand it, I need to evaluate the "X-Forwarded-Proto" header in the "inner" nginx configuration and set HTTPS environment variable, so joomla can react accordingly (library/joomla/uri/uri.php):

// Determine if the request was over SSL (HTTPS).
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
{
  $https = 's://';
}
else
{
  $https = '://';
}

I just don't know how :)

So, the question is *why* do you have multiple layers of nginx here? I can't really see any benefit to that. — devicenull, Dec 03 '14 at 01:18
For the same reason you have a nginx ssl proxy in front of an apache webserver. I deploy the joomla installation as a multi container docker app (mysql, php, nginx, "data container"). — S1lentSt0rm, Dec 03 '14 at 01:39
nginx in front of apache can make sense in some situations. nginx in front of nginx has no benefit at all. — devicenull, Dec 03 '14 at 01:41
I do not agree. However, this doesn't solve the problem. Any hint? — S1lentSt0rm, Dec 03 '14 at 01:48

score 2 · Answer 1 · answered Dec 03 '14 at 02:36

2

After a lot of research I found the solution. In "inner" nginx configuration:

http {     
  ...     
  map $http_x_forwarded_proto $context {
    https   on;
    default off;
  }   
  ...

  server {   
    ...    
    location ~ \.php$ {
      ...   
      fastcgi_param HTTPS $context;   
      ...
    }
  }
}

References: this hint on the nginx mailing list lead me to the solution.

answered Dec 03 '14 at 02:36

S1lentSt0rm

1,039
1
9
11

i have added, but it is not working, i use an nginx in an nginx - as the 2nd server is behind the front nginx – Patrik Laszlo Jan 06 '19 at 14:19

Reverse SSL Proxy: NGINX in front of NGINX and Joomla

1 Answers1