Merge branch 'move-x-forwarded-proto-for-https' into 'master'
Only include X-Forwarded-Proto when HTTPS is enabled
Be explicit about X-Forwarded-Proto scheme used based on HTTPS setting. In the case of multiple reverse proxies, the scheme may appear to be HTTP, which could cause 422 errors.
[Unicorn only checks if the setting is "https"](4e7cab9f17/ext/unicorn_http/unicorn_http.rl (L476)
) and otherwise defaults to "http".
Closes gitlab-org/gitlab-ce#2091
See merge request !435
This commit is contained in:
commit
19d71ac3cb
|
@ -72,7 +72,7 @@ server {
|
|||
proxy_connect_timeout 300;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Proto <%= @https ? "https" : "http" %>;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
|
@ -115,7 +115,7 @@ server {
|
|||
proxy_set_header X-Forwarded-Ssl on;
|
||||
<% end %>
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Proto <%= @https ? "https" : "http" %>;
|
||||
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||
|
||||
proxy_pass http://gitlab;
|
||||
|
|
|
@ -54,7 +54,7 @@ server {
|
|||
proxy_connect_timeout 300;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Proto <%= @https ? "https" : "http" %>;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
Loading…
Reference in New Issue