CD
Cloudflare Developers8mo ago
Rush

i am getting http instead of https on my reverse proxy

Hello, from cloudflare I have a domain pointed to my own reverse proxy, it points to the docker container of my laravel application. Even though I'm using cloudflare https, my reverse proxy is passing x-forwarded-proto http to laravel, which is wrong. It has the result that, for example, urls are generated for me with http, even if I want them with https. This is my nginx configuration: 
server {
    listen 80;
    listen [::]:80;

    server_name mydomain.com;
        
    location / {
        proxy_pass http://my-app-app-1;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header X-Forwarded-Host $host;
    }
}
server {
    listen 80;
    listen [::]:80;

    server_name mydomain.com;
        
    location / {
        proxy_pass http://my-app-app-1;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header X-Forwarded-Host $host;
    }
}
7 Replies
Rush
RushOP8mo ago
if I manually put https instead of $scheme, of course I get it, but shouldn't it happen automatically?
Hello, I’m Allie!
Hello, I’m Allie!8mo ago
IIRC, by default, Cloudflare SSL/TLS defaults to Flexible Mode. This means that while the User -> Cloudflare connection is over HTTPS, the Cloudflare -> Origin connection is over HTTP. This exists mainly to support services that don't have/can't support HTTPS. This means that while your users see HTTPS as they should, your server will see HTTP instead. To remedy this, you can set your SSL/TLS setting to Full or Full(Strict). I would recommend Full(Strict) if possible. You can follow a tutorial to get it set up here. When you get to Step #2, select the instructions for nginx.
Rush
RushOP8mo ago
and wouldn't it be easier to keep the https connection only between the user and cloudflare and set https manually in my reverse proxy config? or does it have any disadvantages?
Hello, I’m Allie!
Hello, I’m Allie!8mo ago
That is easier, but it provides a false sense of security for your users. Any data they send/receive via your app would be unencrypted from Cloudflare -> Origin
Rush
RushOP8mo ago
oh, okay and I would also like to ask about my remaining parameters: 
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Host $host;
I found them in the reverse proxy guide, but they probably don't take into account the fact that there will be one more proxy - cloudflare will my reverse proxy application pass end user data? is it able to take them from cloudflare? I also added deny all except cloudflare.com/ips ips there so if it automatically takes real user ip from cloudflare
Hello, I’m Allie!
Hello, I’m Allie!8mo ago
You can follow this tutorial to get the user's real IP: https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#web-server-instructions
Cloudflare Docs
Restoring original visitor IPs · Cloudflare Support docs
When your website traffic is routed through the Cloudflare network , we act as a reverse proxy. This allows Cloudflare to speed up page load time by …
Rush
RushOP8mo ago
but that is used to set it up so that it looks like the main ip is the user's, right? for me, it is enough for the reverse proxy to pass the same header as cloudlare, because laravel can handle it
Want results from more Discord servers?
Add your server