Welcome! Log In Create A New Profile

Advanced

Feature Request: ssl module variable to use in configs

Posted by eimermusic 
Feature Request: ssl module variable to use in configs
September 22, 2009 09:47AM
I don't know how wide a problem this is. For some PHP applications the variable $_SERVER['HTTPS'] is used to determine if it is running under ssl. This variable is a true/false on/off variable.

Nginx does not (afaik) provide any similar variable that can be passed along to php like other parameters. For example:
fastcgi_param SERVER_PORT $server_port;

For the HTTPS parameter I have to set it completely manually to on. This is no huge problem for my small deployments but it would be nice if the ssl module could set a similar variable when it is in use we could just do:
fastcgi_param HTTPS $ssl;

I naturally thought of using the server port in an if clause and setting the param to on or off. But I saw this was bad, performance wise. (I never did get why.) Also using the port is not ideal since you could activate ssl on any port you like.

I apologise if I am barking up the wrong tree. I have dome some google trawling and haven't found any good way to set this parameter. In fact, in all examples of fastcgi parameters HTTPS is left out completely which is a bit odd.

thanks for reading.
Re: Feature Request: ssl module variable to use in configs
September 22, 2009 01:21PM
eimermusic Wrote:
-------------------------------------------------------
> I don't know how wide a problem this is. For some
> PHP applications the variable $_SERVER['HTTPS'] is
> used to determine if it is running under ssl. This
> variable is a true/false on/off variable.
>
> Nginx does not (afaik) provide any similar
> variable that can be passed along to php like
> other parameters. For example:
> fastcgi_param SERVER_PORT $server_port;
>
> For the HTTPS parameter I have to set it
> completely manually to on. This is no huge problem
> for my small deployments but it would be nice if
> the ssl module could set a similar variable when
> it is in use we could just do:
> fastcgi_param HTTPS $ssl;

For any deployment it's two lines in the configuration file:

[code]
location ~ \.php {
...
include /path/to/fastcgi_params;
fastcgi_param HTTPS on;
...
}
[/code]

alternatively you can use two fastcgi_params files:

[code]
server {
listen 80;
server_name yourhost.com;
...
location ~ \.php {
...
include /path/to/fastcgi_params; # non-https fastcgi_params file
...
}
...
}

server {
listen 443;
server_name yourhost.com;
...
location ~ \.php {
...
include /path/to/fastcgi_https_params; # file that includes "fastcgi_param HTTPS on;" entry
...
}
...
}

[/code]

Igor always recommends separating HTTP and HTTPS into separate servers so if you change one configuration it doesn't break the other. His words "My personal paractice is always to use separate servers since it allows to change their configuration without risk to break others."

>
> I naturally thought of using the server port in an
> if clause and setting the param to on or off. But
> I saw this was bad, performance wise. (I never did
> get why.) Also using the port is not ideal since
> you could activate ssl on any port you like.

The reason "if" clauses are bad has to do with the way the program functions. They slow down processing. On small sites with only a few requests/second it shouldn't have an impact.
>
> I apologise if I am barking up the wrong tree. I
> have dome some google trawling and haven't found
> any good way to set this parameter. In fact, in
> all examples of fastcgi parameters HTTPS is left
> out completely which is a bit odd.
>
> thanks for reading.

--
Jim Ohlstein
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 83
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready