Set X-Forwarded-Proto to request scheme (#15310) (#15498)

This fixes a bug that prevents logins to mastodon onion services. The nginx directive assumed all requests were made over https, causing a domain mismatch for onion services that have https redirects disabled. The fix more correctly sets X-Forwarded-Proto to the actual scheme used in the request.
author: Cecylia Bocovich <cohosh@torproject.org> 2021-01-05 16:25:07 -0500
committer: GitHub <noreply@github.com> 2021-01-05 22:25:07 +0100
commit: 38bc4b95625e14c542fc09f8b302f8ca6b92f6ee (patch)
tree: 217a155895b418ce90666c95299755a2f4193655 /dist
parent: 15be57059dcfe99539edda6d4c33f1677b88520e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/dist/nginx.conf b/dist/nginx.conf
index 2d5f3a389..a0429d2aa 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -73,7 +73,7 @@ server {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Proxy "";
     proxy_pass_header Server;
 
@@ -98,7 +98,7 @@ server {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Proxy "";
 
     proxy_pass http://streaming;
author	Cecylia Bocovich <cohosh@torproject.org>	2021-01-05 16:25:07 -0500
committer	GitHub <noreply@github.com>	2021-01-05 22:25:07 +0100
commit	38bc4b95625e14c542fc09f8b302f8ca6b92f6ee (patch)
tree	217a155895b418ce90666c95299755a2f4193655 /dist
parent	15be57059dcfe99539edda6d4c33f1677b88520e (diff)