From 42da467336f79e6f7e78d2dd2aeb6d4786f60aa7 Mon Sep 17 00:00:00 2001 From: wurongjie Date: Thu, 9 Apr 2026 13:53:52 +0800 Subject: [PATCH] fix(nginx): use X-Forwarded-Proto header for proper protocol forwarding Replace $scheme with $http_x_forwarded_proto in proxy headers to correctly forward the original client protocol when behind a reverse proxy or load balancer. This fixes OAuth2 authentication issues where redirects would use the wrong protocol scheme. --- web/nginx.conf.template | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/web/nginx.conf.template b/web/nginx.conf.template index fe0300b63..be2a51a2f 100644 --- a/web/nginx.conf.template +++ b/web/nginx.conf.template @@ -10,6 +10,11 @@ server { gzip_types text/plain text/css application/json application/javascript text/xml; gzip_min_length 1000; + set $proxy_x_forwarded_proto $scheme; + if ($http_x_forwarded_proto) { + set $proxy_x_forwarded_proto $http_x_forwarded_proto; + } + location / { try_files $uri $uri/ /index.html; } @@ -19,27 +24,27 @@ server { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; } location /oauth2/ { proxy_pass ${SKILLHUB_API_UPSTREAM}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; } location /login/oauth2/ { proxy_pass ${SKILLHUB_API_UPSTREAM}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; } location /.well-known/ { proxy_pass ${SKILLHUB_API_UPSTREAM}; proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; } location /assets/ {