From 8ecd6b036c91340eb446f538acd745a9e73c767b Mon Sep 17 00:00:00 2001 From: Thaddee Tyl Date: Mon, 28 Oct 2024 17:03:34 +0100 Subject: [PATCH] Only set X-Forwarded-Proto when header not set When the seafile docker container is behind a proxy that does the TLS termination, such that the seafile docker sees HTTP only, then, it receives requests where the following headers are set in the following way: X-Forwarded-Proto: https X-Forwarded-Ssl: on Because the default NGINX template has this directive: proxy_set_header X-Forwarded-Proto $scheme the request gets transmitted to gunicorn with the following, contradictory values: X-Forwarded-Proto: http X-Forwarded-Ssl: on Thus Seafile rejects the requests with a "Contradictory scheme headers" error. We instead change the header only when it is not set. Fixes #226. --- templates/seafile.nginx.conf.template | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/templates/seafile.nginx.conf.template b/templates/seafile.nginx.conf.template index 5a7cad72..1b82b88a 100644 --- a/templates/seafile.nginx.conf.template +++ b/templates/seafile.nginx.conf.template @@ -45,7 +45,9 @@ server { proxy_set_header Host $http_host; proxy_set_header Forwarded "for=$remote_addr;proto=$scheme"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + if ($http_x_forwarded_proto = "") { + proxy_set_header X-Forwarded-Proto $scheme; + } proxy_set_header X-Real-IP $remote_addr; proxy_set_header Connection ""; proxy_http_version 1.1; @@ -88,7 +90,9 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Forwarded-Proto $scheme; + if ($http_x_forwarded_proto = "") { + proxy_set_header X-Forwarded-Proto $scheme; + } proxy_read_timeout 1200s; client_max_body_size 0;