Question

Load Balancer sending incorrect X-Forwarded-Proto header to droplet

Hello all,

I am running up against the following scenario:

  1. Using a load balancer with SSL termination, and Proxy Protocol enabled, directing traffic to a droplet running nginx;

  2. nginx has been configured to accept the proxy protocol

server {
   listen 80 proxy_protocol;

[...]

location ~ / {
   proxy_http_version 1.1;
   proxy_cache_bypass $http_upgrade;

   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection 'upgrade';
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;

  1. When looking at the raw headers as relayed by nginx to express, I always see the “X-Forwarded-Proto” reported as “http”, even though the “x-forwarded-port” is properly relayed as “443”.

This is breaking my attempts to set a secure session cookie from within my app.

Does anyone have any suggestions? Is this perhaps a bug in the Digital Ocean load balancer?

Thanks to all who have ideas!

  • Charles

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer