Only set X-Forwarded-Proto when header not set

When the seafile docker container is behind a proxy that does the TLS termination, such that the seafile docker sees HTTP only, then, it receives requests where the following headers are set in the following way: X-Forwarded-Proto: https X-Forwarded-Ssl: on Because the default NGINX template has this directive: proxy_set_header X-Forwarded-Proto $scheme the request gets transmitted to gunicorn with the following, contradictory values: X-Forwarded-Proto: http X-Forwarded-Ssl: on Thus Seafile rejects the requests with a "Contradictory scheme headers" error. We instead change the header only when it is not set. Fixes haiwen#226.
espadrine · Oct 28, 2024 · 8ecd6b0 · 8ecd6b0
1 parent 833d5be
commit 8ecd6b0
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/templates/seafile.nginx.conf.template b/templates/seafile.nginx.conf.template
@@ -45,7 +45,9 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        if ($http_x_forwarded_proto = "") {
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Connection "";
         proxy_http_version 1.1;
@@ -88,7 +90,9 @@ server {
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
-        proxy_set_header   X-Forwarded-Proto $scheme;
+        if ($http_x_forwarded_proto = "") {
+            proxy_set_header   X-Forwarded-Proto $scheme;
+        }
         proxy_read_timeout  1200s;
         client_max_body_size 0;