Set X-Forwarded-Proto to request scheme (#15310) (#15498)

This fixes a bug that prevents logins to mastodon onion services. The
nginx directive assumed all requests were made over https, causing a
domain mismatch for onion services that have https redirects disabled.
The fix more correctly sets X-Forwarded-Proto to the actual scheme used
in the request.
This commit is contained in:
Cecylia Bocovich 2021-01-05 16:25:07 -05:00 committed by GitHub
parent 15be57059d
commit 38bc4b9562
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

4
dist/nginx.conf vendored
View file

@ -73,7 +73,7 @@ server {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
proxy_pass_header Server; proxy_pass_header Server;
@ -98,7 +98,7 @@ server {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
proxy_pass http://streaming; proxy_pass http://streaming;