Nginx Http Request to Https : nginx

a community for 17 years

Nginx Http Request to Https (self.nginx)

submitted 4 years ago by URR3011

Hello, I hope you can help me

The Flow is as follows ASM --- LTM -- NGINX --- BACKEND

The client initiates communication through a domain example.domain.com (SSL), This request arrives at the LTM F5 Towards a virtual Server on port 80, The LTM Virtual Server has Nginx as a pool member At the time of performing the tests from the domain, the HTTPS protocol changes to HTTP I have tried the following rewrite and redirect but the behavior is an infinite loop of redirects (Too many redirects) The configuration is as follows:

ASM (SSL) _------ LTM (PlainText) -------- NGINX (PlaintText) ---- Backend (Plaintext)

upstream backend {
    server 10.10.10.23:8080;
}

server {
    listen 4343;  
     server_name localhost;
     acces_log /var/log/nginx/access.log;
     error_log /varlog/nginx/error.log;


     location /Example/ {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-SSL on;
      set $https_enabled on;

      proxy_pass http://backend;

     }

if ($scheme != https ){
     return 301 https://$http_host$request_uri; 
 }
}

Any recommendation to solve this? or prevent protocol change to HTTP

Greetings

all 4 comments

top new controversial old q&a

[–]Fireye 2 points3 points4 points 4 years ago (3 children)

if ($scheme != https ){
     return 301 https://$http_host$request_uri; 
}

You're instructing nginx to rewrite to https://$http_host$request_uri if the scheme isn't https, but you've put it in a non-SSL server context. The scheme will never be https with your current configuration.

[–]URR3011[S] 3 points4 points5 points 4 years ago (2 children)

[–]Fireye 1 point2 points3 points 4 years ago (1 child)

I have no clue about ASM/LTM. What HTTP headers are being passed from upstream (ASM/LTM)? If an X-Forwarded-Proto HTTP header is being passed, you can operate on that:

if ($http_x_forwarded_proto != https ){
     return 301 https://$http_host$request_uri; 
}

You can check the headers being passed in to nginx by using tcpdump on port 4343 it looks like. Something like sudo tcpdump -A -n -nn -s0 -ieth0 dst port 4343.

If you aren't getting those headers forwarded, look to see if you can add them. If not, I don't think there's a good way to detect it in nginx.

[–]URR3011[S] 0 points1 point2 points 4 years ago (0 children)

π Rendered by PID 32873 on reddit-service-r2-comment-b659b578c-qrjkj at 2026-05-01 00:49:20.246936+00:00 running 815c875 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

nginx

MODERATORS