req.var.scheme broken behind a reverse-proxy. Allow the Nginx admin to set "proxy_https" to override "https"

2017-09-19 13:57:01 +02:00 · 2017-09-19 13:57:01 +02:00 · db8724d578
parent a0d143aad9
commit db8724d578
2 changed files with 16 additions and 6 deletions
--- a/access.lua
+++ b/access.lua
@ -185,22 +185,27 @@ end
 -- If the URL matches one of the `redirected_urls` in the configuration file,
 -- just redirect to the target URL/URI
 --
+local https = ngx.var.proxy_https or ngx.var.https
+local scheme = "http"
+if https and https ~= "" then
+    scheme = "https"
+end

 function detect_redirection(redirect_url)
    if hlp.string.starts(redirect_url, "http://")
    or hlp.string.starts(redirect_url, "https://") then
        return hlp.redirect(redirect_url)
    elseif hlp.string.starts(redirect_url, "/") then
-        return hlp.redirect(ngx.var.scheme.."://"..ngx.var.host..redirect_url)
+        return hlp.redirect(scheme.."://"..ngx.var.host..redirect_url)
    else
-        return hlp.redirect(ngx.var.scheme.."://"..redirect_url)
+        return hlp.redirect(scheme.."://"..redirect_url)
    end
 end

 if conf["redirected_urls"] then
    for url, redirect_url in pairs(conf["redirected_urls"]) do
        if url == ngx.var.host..ngx.var.uri..hlp.uri_args_string()
-        or url == ngx.var.scheme.."://"..ngx.var.host..ngx.var.uri..hlp.uri_args_string()
+        or url == scheme.."://"..ngx.var.host..ngx.var.uri..hlp.uri_args_string()
        or url == ngx.var.uri..hlp.uri_args_string() then
            detect_redirection(redirect_url)
        end
@ -210,7 +215,7 @@ end
 if conf["redirected_regex"] then
    for regex, redirect_url in pairs(conf["redirected_regex"]) do
        if string.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
-        or string.match(ngx.var.scheme.."://"..ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
+        or string.match(scheme.."://"..ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
        or string.match(ngx.var.uri..hlp.uri_args_string(), regex) then
            detect_redirection(redirect_url)
        end
@ -394,6 +399,6 @@ end
 --

 hlp.flash("info", hlp.t("please_login"))
-local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
+local back_url = scheme .. "://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
 ngx.log(ngx.DEBUG, "REDIRECT BY DEFAULT")
 return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
--- a/helpers.lua
+++ b/helpers.lua
@ -330,7 +330,12 @@ function set_headers(user)
    -- logging.
    if not cache:get(user.."-password") then
        flash("info", t("please_login"))
-        local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. uri_args_string()
+        local https = ngx.var.proxy_https or ngx.var.https
+        local scheme = "http"
+        if https and https ~= "" then
+            scheme = "https"
+        end
+        local back_url = scheme .. "://" .. ngx.var.host .. ngx.var.uri .. uri_args_string()
        return redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
    end