Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
533 views
in Technique[技术] by (71.8m points)

https - What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?

I have a reverse proxy that does HTTPS on the outside, but HTTP on the inside.

This means that by default in-app URLs will have HTTP as the scheme, as this is the way it's being contacted.

How can the proxy tell the backend that HTTPS should be used?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The proxy can add extra (or overwrite) headers to requests it receives and passes through to the back-end. These can be used to communicate information to the back-end.

So far I've seen a couple used for forcing the use of https in URL scheme:

X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Url-Scheme: https

And wikipedia also mentions:

# a de facto standard:
X-Forwarded-Proto: https
# Non-standard header used by Microsoft applications and load-balancers:
Front-End-Https: on

This what you should add to the VirtualHost on : other proxies should have similar functionality

RequestHeader set X-FORWARDED-PROTOCOL https
RequestHeader set X-Forwarded-Ssl on
# etc.

I think it's best to set them all, or set one that works and remove the other known ones. To prevent evil clients messing with them.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...