2018-03-08T07:39:32

Drupal 7 with Nginx SSL reverse proxy configuration

ssl lock

Nginx nginx/sites-enabled/somedrupalwebsite.com:

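# TLS-terminating reverse proxy in front of the Drupal backend that listens on
# 127.0.0.1:8080. Nginx handles HTTPS and forwards plain HTTP to the backend.
server {
         listen 443 ssl;
         server_name www.somedrupalwebsite.com;
         # "ssl on;" removed: the "ssl" flag on the listen directive already
         # enables TLS, and the standalone directive is deprecated (nginx 1.15.0)
         # and rejected by current releases.
         ssl_certificate     /etc/ssl/private/somedrupalwebsite.com-fullchain.pem;
         ssl_certificate_key /etc/ssl/private/somedrupalwebsite.com-privkey.pem;
         # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
         # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it from
         # the list on older builds.
         ssl_protocols       TLSv1.2 TLSv1.3;
         # Applies to TLSv1.2 and below only; TLSv1.3 suites are configured separately.
         ssl_ciphers         'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
         ssl_dhparam         /etc/ssl/private/dhparam.pem;
         ssl_session_cache   shared:SSL:10m;
         ssl_prefer_server_ciphers on;

         location / {
                 proxy_pass http://127.0.0.1:8080;
                 # $host falls back to the Host header sent by the client. If this
                 # server block is the default for port 443, requests carrying any
                 # Host value are forwarded, so the backend must not treat
                 # X-Forwarded-Host as trustworthy on its own: add a catch-all
                 # default_server that rejects unknown names, and have Drupal's
                 # settings.php accept only the host names it expects.
                 proxy_set_header Host $host;
                 proxy_set_header X-Forwarded-Host $host;
                 proxy_set_header X-Real-IP $remote_addr;
                 # Appends the client address to whatever X-Forwarded-For the client
                 # sent; only the last entry is written by this proxy.
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header X-Forwarded-Port $server_port;
                 proxy_set_header X-Forwarded-Proto $scheme;
         }
}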
        

Drupal sites/default/settings.php:

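// Tell Drupal it sits behind a reverse proxy. Forwarded headers are only
// honoured below when the request arrives from one of these proxy addresses.
$conf['reverse_proxy'] = TRUE;
$conf['reverse_proxy_addresses'] = array('127.0.0.1');

// Host names this site is allowed to build $base_url from. Keep this list in
// sync with server_name in the Nginx vhost. X-Forwarded-Host is filled from the
// client's Host header by the proxy, so it must be checked against a fixed list
// before it ends up in generated links (password-reset mails, redirects, ...).
$proxy_allowed_hosts = array('www.somedrupalwebsite.com');

if ($conf['reverse_proxy']) {
   // REMOTE_ADDR is absent under the CLI; read all inputs defensively.
   $proxy_remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
   $proxy_proto = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ? strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) : '';
   $proxy_host = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? strtolower($_SERVER['HTTP_X_FORWARDED_HOST']) : '';

   if (
     // Strict comparisons: no type juggling on values that come from headers.
     in_array($proxy_remote_addr, $conf['reverse_proxy_addresses'], TRUE)
     && in_array($proxy_proto, array('http', 'https'), TRUE)
     && in_array($proxy_host, $proxy_allowed_hosts, TRUE)
   ) {
     // Make Drupal (and anything checking $_SERVER['HTTPS']) see the request
     // as HTTPS when the proxy terminated TLS.
     if ($proxy_proto === 'https') {
       $_SERVER['HTTPS'] = 'on';
     }

     $base_url = $proxy_proto . '://' . $proxy_host;

     // Append the port only when it is a plain number and not a default port;
     // anything else in the header is ignored rather than copied into the URL.
     if (
       isset($_SERVER['HTTP_X_FORWARDED_PORT'])
       && preg_match('/^[0-9]{1,5}$/', $_SERVER['HTTP_X_FORWARDED_PORT'])
     ) {
       $proxy_port = (int) $_SERVER['HTTP_X_FORWARDED_PORT'];
       if ($proxy_port !== 80 && $proxy_port !== 443) {
         $base_url .= ':' . $proxy_port;
       }
     }
   }
   else {
     // Reached when the request did not come from a listed proxy, a forwarded
     // header is missing, or its value is not on the allow-lists above.
     trigger_error("reverse_proxy = true, but configuration failed. check proxy address and http headers");
   }
}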