I am using nginx as a reverse proxy with https (let's encrypt) with the following config:-
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Fowarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Fowarded-Proto $scheme;
proxy_pass http://localhost:8080;
}
Now if I set session.cookie.secure to true I am not able to get the Cookies on the nodejs app, even though I have set
server.express.set('trust proxy', true);
and session.proxy is also set to true
and all headers are passing correctly from nginx:

Also when I log req.protocol it is set to be http instead of https and the req.ip is 127.0.0.1 even though trust proxy is enabled! (you can see the second last log in the image above)
This is not ideal and will give trouble in future too when I will try to use yoga with reverse proxy
I guess to reproduce do:
If req.protocol somehow become https this will get automatically get solved
I finally resolved this issue modifying my nginx config like so, I took this from ghost js config
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:8080;
}
Most helpful comment
I finally resolved this issue modifying my nginx config like so, I took this from ghost js config