I am getting HTTP instead of HTTPS on my reverse proxy

Hello, from Cloudflare I have a domain pointed to my own reverse proxy, which points to the Docker container of my Laravel application. Even though I'm using Cloudflare HTTPS, my reverse proxy is passing x-forwarded-proto http to Laravel, which is wrong. The result is that, for example, URLs are generated for me with http, even if I want them with https. This is my nginx configuration:
server {
    listen 80;
    listen [::]:80;

    server_name mydomain.com;

    location / {
        proxy_pass http://my-app-app-1;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header X-Forwarded-Host $host;
    }
}
7 Replies
Rush · 3mo ago
If I manually put https instead of $scheme, of course I get it, but shouldn't it happen automatically?
Hello, I’m Allie!
IIRC, by default, Cloudflare SSL/TLS defaults to Flexible Mode. This means that while the User -> Cloudflare connection is over HTTPS, the Cloudflare -> Origin connection is over HTTP. This exists mainly to support services that don't have/can't support HTTPS. This means that while your users see HTTPS as they should, your server will see HTTP instead. To remedy this, you can set your SSL/TLS setting to Full or Full (Strict). I would recommend Full (Strict) if possible. You can follow a tutorial to get it set up here. When you get to Step #2, select the instructions for nginx.
Rush · 3mo ago
And wouldn't it be easier to keep the HTTPS connection only between the user and Cloudflare and set https manually in my reverse proxy config? Or does it have any disadvantages?
Hello, I’m Allie!
That is easier, but it provides a false sense of security for your users. Any data they send/receive via your app would be unencrypted from Cloudflare -> Origin.
Rush · 3mo ago
Oh, okay, and I would also like to ask about my remaining parameters:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Host $host;
I found them in the reverse proxy guide, but they probably don't take into account the fact that there will be one more proxy - Cloudflare. Will my reverse proxy application pass end user data? Is it able to take them from Cloudflare? I also added deny all except cloudflare.com/ips IPs there, so if it automatically takes real user IP from Cloudflare
Hello, I’m Allie!
Cloudflare Docs
Restoring original visitor IPs · Cloudflare Support docs
When your website traffic is routed through the Cloudflare network, we act as a reverse proxy. This allows Cloudflare to speed up page load time by …
Rush · 3mo ago
But that is used to set it up so that it looks like the main IP is the user's, right? For me, it is enough for the reverse proxy to pass the same header as Cloudflare, because Laravel can handle it.
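
An added example, not part of the thread and not any participant's configuration: an origin-side nginx setup for the Full (Strict) mode recommended above, which also restores the visitor IP from Cloudflare and keeps a Cloudflare-only allow-list working. It assumes nginx is built with the realip module; the certificate paths, the `$from_cloudflare` variable name and the 203.0.113.0/24 range are placeholders, with the real ranges being those published at cloudflare.com/ips.

```nginx
# Added example (not from the thread). Placeholders: cert paths,
# $from_cloudflare, and 203.0.113.0/24 standing in for cloudflare.com/ips.

# realip rewrites $remote_addr, so allow/deny would then test the visitor IP.
# Match the untouched TCP peer ($realip_remote_addr) instead.
geo $realip_remote_addr $from_cloudflare {
    default         0;
    203.0.113.0/24  1;   # placeholder: list every Cloudflare range here
}

server {
    listen 80;
    listen [::]:80;
    server_name mydomain.com;
    # Safe with Full / Full (Strict); in Flexible mode this would loop.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.com;

    ssl_certificate     /etc/nginx/ssl/origin.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/origin.key;   # placeholder path

    # Refuse peers outside the Cloudflare ranges before trusting any header.
    if ($from_cloudflare = 0) { return 403; }

    # Take the visitor IP from CF-Connecting-IP, but only for trusted peers.
    set_real_ip_from 203.0.113.0/24;                 # placeholder range
    real_ip_header   CF-Connecting-IP;

    location / {
        proxy_pass http://my-app-app-1;

        proxy_set_header X-Real-IP         $remote_addr;  # restored visitor IP
        # Overwrite instead of appending: one value that nginx vouches for.
        proxy_set_header X-Forwarded-For   $remote_addr;
        # "https" without hard-coding, because Cloudflare now connects via TLS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Uri   $request_uri;
        proxy_set_header X-Forwarded-Host  $host;
    }
}
```

Laravel then only needs to trust the nginx container as its proxy, since every forwarded header it receives was set by nginx rather than passed through from the client.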