force ssl with cloudflared not working #3365

Open
realies opened this issue Dec 3, 2023 · 4 comments · May be fixed by #3589

realies commented Dec 3, 2023

the toggle is enabled, and the inclusion of the force-ssl.conf file is part of the proxy config; however, curl -v http://some.example.com returns without a redirect to https

if relevant, npm is exposed via cloudflared with config like:

tunnel: ***
credentials-file: ***

ingress:
  - service: https://nginx-proxy-manager
    originRequest:
      originServerName: proxy.example.com

realies added the bug label Dec 3, 2023

@Relax-87

+1


23atomist commented Dec 10, 2023

It looks like somewhere along the line HSTS and SSL parts are not added to the config.
All the hosts I added over the last 2 weeks are missing those parts. Here is a diff from old to new config.

34,35d33
<   # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
<   add_header Strict-Transport-Security "max-age=63072000; preload" always;
41,42d38
<     # Force SSL
<     include conf.d/include/force-ssl.conf;
< proxy_ssl_verify off;
< proxy_read_timeout 300;
< proxy_connect_timeout 300;
< proxy_send_timeout 300;
> proxy_ssl_verify off;
66,70d54
<   # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
<   add_header Strict-Transport-Security "max-age=63072000; preload" always;


realies changed the title from "force ssl not working" to "force ssl with cloudflared not working" Feb 27, 2024

realies (Author) commented Feb 27, 2024

It turns out cloudflared handles http connections and it routes them over https to the local service as per the config line:

  - service: https://nginx-proxy-manager

Managed to fix this by changing /etc/nginx/conf.d/include/force-ssl.conf from

if ($scheme = "http") {

to

if ($http_x_forwarded_proto = "http") {

jc21 (Member) commented May 20, 2024

I'll take a look at the issue of force SSL not working in a vanilla way.

Running this project behind a proxy isn't really its intended purpose; however, http_x_forwarded_proto is an industry standard header that can be supported.
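
Added example, not part of the thread or of Nginx Proxy Manager: a small Python model of the force-SSL conditions discussed above, showing which request paths each one redirects. It assumes the `if` body is `return 301 https://$host$request_uri;` and that the tunnel sets `X-Forwarded-Proto` to the visitor's scheme; the `either` rule is a hypothetical combination, not something proposed in the thread.

```python
"""Model of three force-SSL conditions for requests reaching nginx by different paths.

Added example, not Nginx Proxy Manager code. It mirrors nginx semantics:
$scheme is the scheme of the connection nginx itself accepted, and
$http_x_forwarded_proto is the raw X-Forwarded-Proto header ("" when absent).
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Request:
    scheme: str                   # $scheme: the hop that terminates at nginx
    host: str                     # $host
    uri: str                      # $request_uri
    x_forwarded_proto: str = ""   # $http_x_forwarded_proto


def scheme_only(r: Request) -> bool:   # stock condition quoted in the issue
    return r.scheme == "http"

def xfp_only(r: Request) -> bool:      # replacement condition from the issue
    return r.x_forwarded_proto == "http"

def either(r: Request) -> bool:        # hypothetical: redirect if any hop was http
    return scheme_only(r) or xfp_only(r)


def respond(rule: Callable[[Request], bool], r: Request) -> Optional[str]:
    """Return the 301 Location, or None when the request is proxied unchanged.
    Assumption: the if-block body is `return 301 https://$host$request_uri;`."""
    return f"https://{r.host}{r.uri}" if rule(r) else None


# Constructed sample requests, one per path into nginx.
SAMPLES = {
    "tunnel, visitor used http": Request("https", "some.example.com", "/", "http"),
    "tunnel, visitor used https": Request("https", "some.example.com", "/", "https"),
    "direct http to port 80": Request("http", "some.example.com", "/"),
}
RULES = {"scheme_only": scheme_only, "xfp_only": xfp_only, "either": either}


def matrix() -> dict:
    """Map (rule name, path description) to the redirect target or None."""
    return {(n, p): respond(f, r) for n, f in RULES.items() for p, r in SAMPLES.items()}


if __name__ == "__main__":
    for (name, path), loc in matrix().items():
        print(f"{name:12} | {path:27} | {'301 -> ' + loc if loc else 'no redirect'}")
```

In this model the `xfp_only` rule does not redirect a direct plain-HTTP request that carries no header, so the replacement is sufficient only when nginx is reachable solely through the tunnel.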
