Question

Load Balancer sending incorrect X-Forwarded-Proto header to droplet

Hello all,

I am running up against the following scenario:

  1. Using a load balancer with SSL termination, and Proxy Protocol enabled, directing traffic to a droplet running nginx;

  2. nginx has been configured to accept the proxy protocol

server {
   listen 80 proxy_protocol;

[...]

location ~ / {
   proxy_http_version 1.1;
   proxy_cache_bypass $http_upgrade;

   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection 'upgrade';
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;

  1. When looking at the raw headers as relayed by nginx to express, I always see the “X-Forwarded-Proto” reported as “http”, even though the “x-forwarded-port” is properly relayed as “443”.

This is breaking my attempts to set a secure session cookie from within my app.

Does anyone have any suggestions? Is this perhaps a bug in the Digital Ocean load balancer?

Thanks to all who have ideas!

  • Charles

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer