反向代理的事实标准是什么告诉使用后端SSL？ [英] What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?

问题描述

我有一个反向代理，它在外部执行HTTPS，但内部使用HTTP。

I have a reverse proxy that does HTTPS on the outside, but HTTP on the inside.

这意味着默认情况下，应用程序内URL将使用HTTP作为方案，因为这是它的联系方式。

This means that by default in-app URLs will have HTTP as the scheme, as this is the way it's being contacted.

代理如何告诉后端应该使用HTTPS？

How can the proxy tell the backend that HTTPS should be used?

推荐答案

代理可以向其接收的请求添加额外（或覆盖）标头并传递到后端。这些可用于将信息传递给后端。

The proxy can add extra (or overwrite) headers to requests it receives and passes through to the back-end. These can be used to communicate information to the back-end.

到目前为止，我已经看到一对用于在URL方案中强制使用https：

So far I've seen a couple used for forcing the use of https in URL scheme:

X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Url-Scheme: https

维基百科也提到：

# a de facto standard:
X-Forwarded-Proto: https
# Non-standard header used by Microsoft applications and load-balancers:
Front-End-Https: on

这应该添加到VirtualHost apache ：其他代理应具有类似的功能

This what you should add to the VirtualHost on apache: other proxies should have similar functionality

RequestHeader set X-FORWARDED-PROTOCOL https
RequestHeader set X-Forwarded-Ssl on
# etc.

我认为最好将它们全部设置，或设置一个有效并删除其他已知的。为了防止邪恶的客户搞乱他们。

I think it's best to set them all, or set one that works and remove the other known ones. To prevent evil clients messing with them.

这篇关于反向代理的事实标准是什么告诉使用后端SSL？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！