From 2a8a19856858dcaaf8d3233a2fc701e8a10c84a4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 20 May 2020 11:33:17 -0600 Subject: reverseproxy: Don't overwrite existing X-Forwarded-Proto header Correct behavior is not well defined because this is a non-standard header field. This could be a "hop-by-hop" field much like X-Forwarded-For is, but even our X-Forwarded-For implementation preserves prior entries. Or, it could be best to preserve the original value from the first hop, representing the protocol as facing the client. Let's try it the other way for a bit and see how it goes. See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt --- modules/caddyhttp/reverseproxy/reverseproxy.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'modules/caddyhttp') diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 3bf881e..8137237 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -441,12 +441,14 @@ func (h Handler) prepareRequest(req *http.Request) error { req.Header.Set("X-Forwarded-For", clientIP) } - // set X-Forwarded-Proto; many backend apps expect this too - proto := "https" - if req.TLS == nil { - proto = "http" + if req.Header.Get("X-Forwarded-Proto") == "" { + // set X-Forwarded-Proto; many backend apps expect this too + proto := "https" + if req.TLS == nil { + proto = "http" + } + req.Header.Set("X-Forwarded-Proto", proto) } - req.Header.Set("X-Forwarded-Proto", proto) return nil } -- cgit v1.2.3