SSL, php-fpm and nginx
Like many switching to the nginx/php-fpm combo, I ran into a situation with some PHP scripts that relied on $_SERVER[“HTTPS”] having a value of ‘on’. As of nginx 1.0.4, this isn’t provided out of the box. Of course, the rest of the $_SERVER[“SSL_*”] values that are present under Apache and mod_php (or php-fpm) aren’t available either.
The closest approximation I could come up with to Apache’s mod_ssl +StdEnvVars for nginx is this: create a file in your nginx config directory (commonly /usr/local/nginx/conf) called fastcgi_ssl.conf. Add the following to it:
# Provide as much of Apache's SSL +StdEnvVars data as possible.
fastcgi_param HTTPS on;
fastcgi_param SSL_PROTOCOL $ssl_protocol;
fastcgi_param SSL_CIPHER $ssl_cipher;
fastcgi_param SSL_SESSION_ID $ssl_session_id;
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
# _SERVER entries for these will be empty unless you
# rely on client-side certs you've issued
#fastcgi_param SSL_CLIENT_CERT $ssl_client_cert;
#fastcgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert;
#fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
#fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;
#fastcgi_param SSL_CLIENT_SERIAL $ssl_client_serial;
Include this file only inside server {} blocks that are configured for SSL use in nginx, and you’ll find that a environment checks for HTTPS work a lot better from within PHP.
11 notes
-
transientyou83 likes this
-
nhmortgagebroker likes this
-
mamortgageexpert likes this
-
loganabbott likes this
-
claylo posted this
