Force Https does not work properly

[QinYueQwQ]

I have enabled the HTTP service on port 90 and the HTTPS service on port 444. And use FRP to map them to ports 80 and 443. However, even if I enable Force HTTPS, when using the http://prefix or using only the domain name, hfs will still be accessed through HTTP and will not automatically redirect to HTTPS.

[QinYueQwQ]

I switched from 0.53.0 Alpha2 to 0.52.7, but it still doesn't work properly.

[rejetto]

i think it's because you need to add X-Forwarded-Proto to your nginx. Give it a try

[QinYueQwQ]

I tried using X-Forwarded Proto in frpc and Nginx, and even tried Apache virtual hosting, but it still didn't work.

[rejetto]

how did you configure it? was it like this? proxy_set_header X-Forwarded-Proto $scheme;

[QinYueQwQ]

server {
listen 19201;
server_name domain.com;

location / {
    proxy_pass http://localhost:90;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

} I am not familiar with using nginx, is this configuration correct?

[rejetto]

i still have to make some investigation on this, but i think you are doing one thing wrong: if you want to use http just to redirect to https, you should make this on nginx directly, NOT forward 80-90 and use HFS to redirect. At that point you can disable http on HFS .

[rejetto]

If you want to have http-to-https redirection with a reverse-proxy, you cannot use the "Force HTTPS" feature of HFS, as this would redirect to the internal HTTPS port, while you want to redirect to 443. While this is still possible with a simple script, the correct way to handle this is to configure your proxy to do the job. I just added this to the wiki.

[rejetto]

this new message should make it clear for the admin

[QinYueQwQ]

OK.I'm planning to close the HTTP port of HFS and use Redirect permanent (I'm using Apache) to enforce HTTPS access. Thank you for your response!