2

I’ve got a lighttpd server behind an AWS load balancer. The ELB handles all the SSL stuff for me and forwards the requests to lighttpd over HTTP on port 80, setting the X-Forwarded-Proto header along the way.

As I only want to have one specific page go via HTTPS and everything else over HTTP, I wanted to set up redirects in the lighttpd config file, like:

$HTTP["scheme"] == "https" {
    $HTTP["host"] !~ ".*ttc/(index.html)?$" {
        $HTTP["host"] =~ "(.*)" {
            url.redirect = ( "^(.*)$" => "http://%1$1")
        }
    }
}

This, of course, doesn’t work, as lighttpd only sees HTTP requests…

I had a look at mod_extforward, but that only seems to provide access to the X-Forwarded-For header.

I’ll appreciate any suggestions on how to address this, without switching away from lighttpd.

Ventzi Zhechev

2 Answers

0

I couldn't find an answer to this, so I've hacked it using port configuration as follows:

HTTPS 443 (elb) => 80 (instance)
HTTP  80  (elb) => 81 (instance)

and in Lighttpd config:

$SERVER["socket"] == ":81" {
    # capture vhost name with regex conditional -> %0 in redirect pattern
    # must be the innermost block around the redirect rule
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

So basically, when Lighttpd detects that a connection is made to 81, it just redirects it to https.

ooxio
  • This doesn’t answer the question, as I didn’t want all requests to go to HTTPS. The only thing that I want encrypted are requests to the login page I have—the rest can safely be plain HTTP. – Ventzi Zhechev Apr 25 '15 at 12:30
  • Yeah, I probably added it to the wrong question. Anyway, maybe you can utilize my solution in your solution. There's no direct way to do it like you wish. – ooxio Apr 25 '15 at 13:29
0

What version of lighttpd are you using? I am looking at 1.4.36 and see that mod_extforward.c does handle X-Forwarded-Proto.

If this still does not work for you with lighttpd 1.4.36, perhaps mod_extforward needs to be loaded prior to some other modules in your lighttpd.conf?

gstrauss
  • I’m pretty sure we had an earlier version of lighttpd at the time when I posted the question. I’ve now moved to a new job, however, so I can’t check. – Ventzi Zhechev Aug 19 '15 at 09:05
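
A sketch of how the X-Forwarded-Proto handling mentioned in the last answer could be combined with the per-page redirect from the question. This is an added example, not configuration from any of the posts. It assumes a lighttpd whose mod_extforward sets the request scheme from X-Forwarded-Proto (1.4.36 according to that answer); the forwarder address `10.0.0.10` is a placeholder for the address the ELB connects from, and the path pattern is taken from the question.

```lighttpd
# Fragment to merge into lighttpd.conf (added example; addresses are placeholders).
# mod_extforward is listed before mod_redirect, following the load-order hint
# in the answer, so the scheme is rewritten before redirect rules are evaluated.
server.modules += ( "mod_extforward", "mod_redirect" )

# Accept forwarding headers only from the load balancer. A client that can
# reach port 80 directly could otherwise send X-Forwarded-Proto: https itself
# and bypass the redirect. ( "all" => "trust" ) is only reasonable when the
# instance's security group admits traffic from the ELB alone.
extforward.forwarder = ( "10.0.0.10" => "trust" )   # placeholder ELB address

# Login page requested over plain HTTP: send it to HTTPS.
$HTTP["scheme"] == "http" {
    $HTTP["url"] =~ "ttc/(index\.html)?$" {
        # innermost conditional supplies %1 (the host) to the redirect target
        $HTTP["host"] =~ "(.*)" {
            url.redirect = ( "^(.*)$" => "https://%1$1" )
        }
    }
}

# Everything else requested over HTTPS: send it back to HTTP, as in the question.
$HTTP["scheme"] == "https" {
    $HTTP["url"] !~ "ttc/(index\.html)?$" {
        $HTTP["host"] =~ "(.*)" {
            url.redirect = ( "^(.*)$" => "http://%1$1" )
        }
    }
}
```

The path test uses `$HTTP["url"]` rather than `$HTTP["host"]`, since the host value never contains the request path.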