Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c41d592

Browse files
javiereguiluzjaviereguiluz
committed
minor #19422 [Proxy configuration] Add help for hidden SSL termination (dbu)
This PR was submitted for the 7.1 branch but it was merged into the 6.3 branch instead. Discussion ---------- [Proxy configuration] Add help for hidden SSL termination i struggled quite a bit trying to make links generated with https in azure. the ssl termination is done by azure, but they "hide" that it happens, there is no information in the HTTP headers about the proxy that does it. Commits ------- 96634f5 Add help for hidden SSL termination
2 parents 98fc47f + 96634f5 commit c41d592

File tree

1 file changed

+23
-0
lines changed

1 file changed

+23
-0
lines changed

deployment/proxies.rst

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -164,8 +164,31 @@ handling the request::
164164
// ...
165165
$response = $kernel->handle($request);
166166

167+
Overriding configuration behind hidden SSL termination
168+
------------------------------------------------------
169+
170+
Some cloud setups (like running a Docker container with the "Web App for Containers"
171+
in `Microsoft Azure`_) do SSL termination and contact your web server over http, but
172+
do not change the remote address nor set the ``X-Forwarded-*`` headers. This means
173+
the trusted proxy funcationality of Symfony can't help you.
174+
175+
Once you made sure your server is only reachable through the cloud proxy over HTTPS
176+
and not through HTTP, you can override the information your web server sends to PHP.
177+
For Nginx, this could look like this:
178+
179+
.. code-block:: nginx
180+
181+
location ~ ^/index\.php$ {
182+
fastcgi_pass 127.0.0.1:9000;
183+
include fastcgi.conf;
184+
# Lie to symfony about the protocol and port so that it generates the correct https URLs
185+
fastcgi_param SERVER_PORT "443";
186+
fastcgi_param HTTPS "on";
187+
}
188+
167189
.. _`security groups`: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html
168190
.. _`CloudFront`: https://en.wikipedia.org/wiki/Amazon_CloudFront
169191
.. _`CloudFront IP ranges`: https://ip-ranges.amazonaws.com/ip-ranges.json
170192
.. _`HTTP Host header attacks`: https://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
171193
.. _`nginx realip module`: https://nginx.org/en/docs/http/ngx_http_realip_module.html
194+
.. _`Microsoft Azure`: https://en.wikipedia.org/wiki/Microsoft_Azure

0 commit comments

Comments
 (0)