反向代理告诉后端 SSL 被使用的事实标准是什么? [英] What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?

问题描述

我有一个反向代理，它在外部执行 HTTPS，但在内部执行 HTTP.

I have a reverse proxy that does HTTPS on the outside, but HTTP on the inside.

这意味着默认情况下，应用内 URL 将使用 HTTP 作为方案，因为这是联系它的方式.

This means that by default in-app URLs will have HTTP as the scheme, as this is the way it's being contacted.

代理如何告诉后端应该使用HTTPS?

How can the proxy tell the backend that HTTPS should be used?

推荐答案

代理可以向它接收的请求添加额外(或覆盖)头并传递到后端.这些可用于将信息传达给后端.

The proxy can add extra (or overwrite) headers to requests it receives and passes through to the back-end. These can be used to communicate information to the back-end.

到目前为止，我已经看到一对用于在 URL 方案中强制使用 https:

So far I've seen a couple used for forcing the use of https in URL scheme:

X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Url-Scheme: https

维基百科也提到:

# a de facto standard:
X-Forwarded-Proto: https
# Non-standard header used by Microsoft applications and load-balancers:
Front-End-Https: on

这是你应该添加到虚拟主机上的 apache:其他代理应该有类似的功能

This what you should add to the VirtualHost on apache: other proxies should have similar functionality

RequestHeader set X-FORWARDED-PROTOCOL https
RequestHeader set X-Forwarded-Ssl on
# etc.

我认为最好将它们全部设置，或者设置一个有效的并删除其他已知的.以防止邪恶的客户与他们纠缠不清.

I think it's best to set them all, or set one that works and remove the other known ones. To prevent evil clients messing with them.

这篇关于反向代理告诉后端 SSL 被使用的事实标准是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！