More than 5 years have passed since last update.

[AWS][CloudFront] CloudFront で HTTPS リクエストを受け付けた場合に X-Forwarded-Proto をちゃんとアプリケーションに渡すには？

Last updated at 2016-11-09Posted at 2016-11-09

CloudFront → オリジンサーバ間は http でやりとりしてて、Web サーバ側では CloudFront に https でリクエストされてることを認識してくれないって時の対処方法。
CloudFront の Behaviors で「Forward Headers」で CloudFront-Forwarded-Proto をオリジンサーバに渡すようにしておくこと。

Apache での対応

httpd.conf

SetEnvIf  CloudFront-Forwarded-Proto "https" HTTPS
RequestHeader set X-Forwarded-Proto "https" env=HTTPS

Nginx での対応

nginx.conf

server {

    ...

    set $proxy_https '';
    if ( $http_cloudfront_forwarded_proto = 'https' ) {
        set $proxy_https 'on';
    }
    if ( $http_x_forwarded_proto = 'https' ) {
        set $proxy_https 'on';
    }
    if ( $scheme = 'https' ) {
        set $proxy_https 'on';
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   phpfpm;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $script_root$fastcgi_script_name;
        fastcgi_param  HTTPS            $proxy_https  if_not_empty;
        include        fastcgi_params;
    }
}

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up