Deploy asp.net core mvc behind NGINX that does SSL Termination - Redirects to non secure login page
Update .NETCore 1.0.1, 1.0.2, 1.1.0:
New update .NETCore 1.0.1, 1.0.2, 1.1.0 seems fixed the issue
Update workaround:
Understand the root cause from answer https://serverfault.com/a/516382/379823
It works for us on Ubuntu 16.04 LTS / Nginx/1.10.0
Add map:
map $http_x_forwarded_proto $thescheme { default $scheme; https https;}
and changing the proxy_set_header line to use the new scheme:
# proxy_set_header X-Forwarded-Proto $scheme;proxy_set_header X-Forwarded-Proto $thescheme;
Previous workaround:
We got the same issue. We do workaround by NGINX redirect HTTP => HTTPS (will get double redirect).
When I just read carefully docs.asp.net again, it seems redirect HTTP => HTTPS is the only way this time.
server { listen *:80; add_header Strict-Transport-Security max-age=15768000; return 301 https://$host$request_uri;}
See docs here Securing our application / Configure SSL