SSL, php-fpm and nginx

Like many switching to the nginx/php-fpm combo, I ran into a situation with some PHP scripts that relied on $_SERVER[“HTTPS”] having a value of ‘on’. As of nginx 1.0.4, this isn’t provided out of the box. Of course, the rest of the $_SERVER[“SSL_*”] values that are present under Apache and mod_php (or php-fpm) aren’t available either.

The closest approximation I could come up with to Apache’s mod_ssl +StdEnvVars for nginx is this: create a file in your nginx config directory (commonly /usr/local/nginx/conf) called fastcgi_ssl.conf. Add the following to it:

# Provide as much of Apache's SSL +StdEnvVars data as possible.
fastcgi_param HTTPS                 on;
fastcgi_param SSL_PROTOCOL          $ssl_protocol;
fastcgi_param SSL_CIPHER            $ssl_cipher;
fastcgi_param SSL_SESSION_ID        $ssl_session_id;
fastcgi_param SSL_CLIENT_VERIFY     $ssl_client_verify;

# _SERVER entries for these will be empty unless you
# rely on client-side certs you've issued
#fastcgi_param SSL_CLIENT_CERT       $ssl_client_cert;
#fastcgi_param SSL_CLIENT_RAW_CERT   $ssl_client_raw_cert;
#fastcgi_param SSL_CLIENT_S_DN       $ssl_client_s_dn;
#fastcgi_param SSL_CLIENT_I_DN       $ssl_client_i_dn;
#fastcgi_param SSL_CLIENT_SERIAL     $ssl_client_serial;

Include this file only inside server {} blocks that are configured for SSL use in nginx, and you’ll find that a environment checks for HTTPS work a lot better from within PHP.