Improve Host forwarding in Nginx #69
Description
Forwarding of scheme and port from a proxy server in front of Nginx has been debated several times.
We haven't reached full consensus on its management, and the current solutions are not perfect for several reasons.
Some discussions related to the topic:
- Option to force the scheme forwarded by Nginx #46
- Forward to Django the public port where Nginx is exposed #52
The main use cases to be covered are:
- Nginx serving directly GeoNode (generally over HTTPS)
- Nginx is behind an HTTP server that does the SSL termination. The frontend server might be served over a non-standard port.
- Nginx is doing the SSL termination (443 port generally) and is behind an HTTP server, serving on whatever port. We have had a case where the frontend server was exposed over 8443, and the termination was done by Nginx on 443.
A combination of variables has been used to control Nginx server(s) configuration and header forwarding.
Recently, e3f50b6 introduced the possibility to use the HTTPS_PORT variable to force the host and Origin forwarding.
This is not perfect because:
- The Origin and host headers should come automatically from the browser. If we force them, we override a general assumption and expected behaviour
- In case Nginx is served on a port and the external server on another one, we can't rely on the single HTTP(S)_PORT variable
I think this intricate combination of cases, variables, and configurations should be analysed to achieve a cleaner and standard approach, if possible.