Linode Nodebalancer is use Proxy to make balancer.
Before we can use HTTP (80 port) on it, but HTTPS (443 port) only can use TCP.
So we can't get real ip from remote user.
Now HTTPS is worked, but it use HTTP to callback, then nginx will block.
We need to fix https variable to make it work.
This is get real ip from remote for HTTP and HTTPS
http {
real_ip_header X-Forwarded-For;
set_real_ip_from 192.168.255.0/24;
}
Add map for HTTPS
Before we can map $http_x_forwarded_prote to $https, but on newer nginx, $https already defined when start. So we just create other variable.
http {
map $http_x_forwarded_proto $fastcgi_https {
default '';
https on;
}
map $http_x_forwarded_proto $fastcgi_server_port {
default $server_port;
https 443;
}
}
Change fastcgi_param
fastcgi_param SERVER_PORT $fastcgi_server_port; fastcgi_param HTTPS $fastcgi_https;
Nginx rewrite use double check
# Check https status
set $use_https "";
if ($https) {
set $use_https "on";
}
if ($fastcgi_https) {
set $use_https "on";
}
# Rewrite
if ($use_https) {
.......
}
That's worked!!
2013/12/12 updated:
I found if direct into server, the https will be incorrect. So I insert check before fastcgi_params temporarily.
if ($https = "on") {
set $fastcgi_https "on";
}
fastcgi_param HTTPS $fastcgi_https;
But......if it got problem.......why SERVER_PORT work.....= =a