I have a flask app, hosted by uwsgi, with nginx as a reverse proxy to uwsgi, using the built-in uwsgi proxy module. Whenever I visit a page that redirects to another page, the Location header points to a non-HTTPS URL. For example:
$ socat openssl:my-web-server:443 stdio
GET / HTTP/1.0
Host: my-web-server
HTTP/1.1 302 FOUND
Server: nginx/1.0.4
[...]
Location: http://my-web-server/login
My nginx config looks like this:
server {
    listen 80;
    listen 443 ssl;
    server_name my-web-server;
    charset utf-8;
    ssl_certificate /etc/nginx/certs/server.pem;
    ssl_certificate_key /etc/nginx/certs/server.key;
    location / {
        uwsgi_pass unix:/tmp/uwsgi.sock;
        include uwsgi_params;
    }
}
Nginx implements a uwsgi proxying mechanism, which is a fast binary protocol that uWSGI can use to talk with other servers. The uwsgi protocol is actually uWSGI's default protocol, so simply by omitting a protocol specification, it will fall back to uwsgi .
uwsgi needs to be passed the scheme (http or https) used to serve the request in order to write the correct Location header.
By default a bunch of settings are set in the /etc/nginx/uwsgi_params file.  The include uwsgi_params; line in the config file is what load these.
For whatever reason, though, the scheme is not one of these default settings. This can be fixed by adding:
uwsgi_param UWSGI_SCHEME $scheme;
to the nginx configuration after the include uwsgi_params; line, or by adding it to the /etc/nginx/uwsgi_params file directly.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With