Skip to content

Commit 19176fe

Browse files
pini-ghpini-gh
committed
Fix HTTPS passthrough when redirecting from HTTP
Redirect to HTTPS external port instead of the HTTPS passthrough port which is not reachable from outside.
1 parent 02ea883 commit 19176fe

File tree

1 file changed

+8
-7
lines changed

1 file changed

+8
-7
lines changed

app/nginx.tmpl

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,8 @@
22

33
{{ $host_variable_name := coalesce $.Env.HOST_VARIABLE_NAME "VIRTUAL_HOST" }}
44
{{ $external_http_port := coalesce $.Env.HTTP_PORT "80" }}
5-
{{ $external_https_port := coalesce $.Env.HTTPS_PASSTHROUGH_PORT $.Env.HTTPS_PORT "443" }}
5+
{{ $external_https_port := coalesce $.Env.HTTPS_PORT "443" }}
6+
{{ $listen_https_port := coalesce $.Env.HTTPS_PASSTHROUGH_PORT $external_https_port }}
67
{{ $https_passthrough_enabled := (ne (coalesce $.Env.HTTPS_PASSTHROUGH_PORT "") "") }}
78
{{ $http_proxy_protocol_enabled := (eq (coalesce $.Env.HTTP_PROXY_PROTOCOL "false") "true") }}
89
{{ $https_proxy_protocol_enabled := (or $https_passthrough_enabled (eq (coalesce $.Env.HTTPS_PROXY_PROTOCOL "false") "true")) }}
@@ -147,9 +148,9 @@ server {
147148
server {
148149
server_name _; # This is just an invalid value which will never trigger on a real hostname.
149150
server_tokens off;
150-
listen {{ $external_https_port }} ssl http2 {{ $https_proxy_protocol }};
151+
listen {{ $listen_https_port }} ssl http2 {{ $https_proxy_protocol }};
151152
{{ if $enable_ipv6 }}
152-
listen [::]:{{ $external_https_port }} ssl http2 {{ $https_proxy_protocol }};
153+
listen [::]:{{ $listen_https_port }} ssl http2 {{ $https_proxy_protocol }};
153154
{{ end }}
154155
{{ if $https_proxy_protocol_enabled }}
155156
{{ if $https_passthrough_enabled }}
@@ -323,9 +324,9 @@ server {
323324
{{ if $server_tokens }}
324325
server_tokens {{ $server_tokens }};
325326
{{ end }}
326-
listen {{ $external_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
327+
listen {{ $listen_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
327328
{{ if $enable_ipv6 }}
328-
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
329+
listen [::]:{{ $listen_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
329330
{{ end }}
330331
{{ if $https_proxy_protocol_enabled }}
331332
{{ if $https_passthrough_enabled }}
@@ -476,9 +477,9 @@ server {
476477
{{ if $server_tokens }}
477478
server_tokens {{ $server_tokens }};
478479
{{ end }}
479-
listen {{ $external_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
480+
listen {{ $listen_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
480481
{{ if $enable_ipv6 }}
481-
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
482+
listen [::]:{{ $listen_https_port }} ssl http2 {{ $default_server }} {{ $https_proxy_protocol }};
482483
{{ end }}
483484
{{ if $https_proxy_protocol_enabled }}
484485
{{ if $https_passthrough_enabled }}

0 commit comments

Comments
 (0)