From 654500a87d002e7291a34c2eb5187d5792d810e9 Mon Sep 17 00:00:00 2001
From: bohung <bohung@rulingcom.com>
Date: Thu, 29 Apr 2021 14:50:03 +0800
Subject: [PATCH] Add X-Forwarded-Proto https.

---
 app/models/site_construct.rb | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/app/models/site_construct.rb b/app/models/site_construct.rb
index bc48653..36c17f7 100644
--- a/app/models/site_construct.rb
+++ b/app/models/site_construct.rb
@@ -116,14 +116,27 @@ class SiteConstruct
       domain_name = self.domain_name
       new_server_block = new_server_block.gsub(/(server_name\s+)[^;]+/m){|ff| "#{$1}#{domain_name}"}
       new_server_block = new_server_block.gsub(/\s*ssl_certificate[^;]+;/,'')
-      get_redirect_block = parse_nginx_text_to_server_blocks(old_server_block,true,2).select{|t| t.match(/\s*return\s+30[12]\s+https:\/\/\$host\$request_uri\s*;/)}
+      level_2_block = parse_nginx_text_to_server_blocks(old_server_block,true,2)
+      get_redirect_block = level_2_block.select{|t| t.match(/\s*return\s+30[12]\s+https:\/\/\$host\$request_uri\s*;/)}
+      location_app_block = level_2_block.select{|t| t.match(/location\s+@app/)}
       if get_redirect_block.count > 0
         get_redirect_block.each do |redirect_block|
           new_server_block = new_server_block.gsub(redirect_block,'')
         end
       end
+      if location_app_block.count > 0
+        location_app_block = location_app_block.map do |app_block|
+            new_app_block = app_block.gsub(/proxy_set_header\s+X-Forwarded-Proto\s+https\s*;/,"")
+            new_server_block = new_server_block.gsub(app_block,new_app_block)
+            new_app_block
+        end
+      end
       if port == "443"
         new_server_block = new_server_block.gsub(/(listen\s+)[^;]+;/){|ff| ff + "\n\n  ssl_certificate #{self.cert_file_remote_store_path};\n\n  ssl_certificate_key #{self.private_key_remote_store_path};\n\n"}
+        location_app_block.each do |app_block|
+            new_app_block = app_block.gsub(/proxy_set_header\s+Host\s+\$http_host\s*;/){|ff| ff + "\n    proxy_set_header   X-Forwarded-Proto  https;"}
+            new_server_block = new_server_block.gsub(app_block,new_app_block)
+        end
       else
         if self.redirect_to_https && !self.site_cert.nil?
           new_server_block = new_server_block.sub(/(listen\s+)[^;]+;[\s\r\n]*/){|ff| ff + "  if ($host ~ (#{self.site_cert.domain_names.map{|s| '^'+s.gsub('.','\.').gsub('*','[^.]*').gsub(',','')}.join('|')}) ) {\n"+
@@ -150,6 +163,7 @@ class SiteConstruct
         '    proxy_redirect     off;\n'+
         '    proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;\n'+
         '    proxy_set_header   Host  \$http_host;\n'+
+        (port == "443" ? '    proxy_set_header X-Forwarded-Proto https;\n' : '')+
         '    proxy_connect_timeout   360;\n'+
         '    proxy_pass http://'+self.get_site_name+'_sock;\n'+
         '  }\n'+