Allow proxying to full urls with https

dev-proxy.sh

@@ -1,9 +1,27 @@
 #!/bin/bash
 DOMAIN=$1
-TARGET=$2
+TARGET_RAW=$2
 PATTERNS=$3
 REAL_IP_OVERRIDE=$4
 HOSTS_LINE="127.0.0.1 $DOMAIN"
+
+# Parse TARGET: support both host:port and full URLs (http:// or https://)
+if [[ "$TARGET_RAW" =~ ^https?:// ]]; then
+  TARGET_SCHEME=$(echo "$TARGET_RAW" | sed -E 's|^(https?)://.*|\1|')
+  TARGET_HOST=$(echo "$TARGET_RAW" | sed -E 's|^https?://([^/:]+).*|\1|')
+  TARGET_PORT=$(echo "$TARGET_RAW" | sed -E 's|^https?://[^/:]+:?([0-9]*)/?\s*$|\1|')
+  if [ -z "$TARGET_PORT" ]; then
+    if [ "$TARGET_SCHEME" = "https" ]; then
+      TARGET_PORT=443
+    else
+      TARGET_PORT=80
+    fi
+  fi
+  TARGET="${TARGET_HOST}:${TARGET_PORT}"
+else
+  TARGET_SCHEME="http"
+  TARGET="$TARGET_RAW"
+fi
 NGINX_CONF=$(mktemp)
 CERT_DIR=$(pwd)
 CLEANUP_DONE=0
@@ -73,28 +91,46 @@ if [ -n "$PATTERNS" ]; then
   done
 fi
 
-cat > "$NGINX_CONF" <<EOF
+if [ "$TARGET_SCHEME" = "https" ]; then
-worker_processes 1;
+  # For HTTPS targets, use proxy_pass directly (no upstream block)
-error_log /dev/stderr info;
+  # so nginx handles SNI correctly per-request
-pid /tmp/nginx-dev-proxy.pid;
+  LOCAL_DEV_BLOCK="
+    server {
+        listen 443 ssl http2;
+        server_name $DOMAIN;
 
-events {
+        ssl_certificate $CERT_DIR/$DOMAIN.pem;
-    worker_connections 1024;
+        ssl_certificate_key $CERT_DIR/$DOMAIN-key.pem;
-}
 
-http {
+        resolver 8.8.8.8 1.1.1.1 ipv6=off;
-    access_log /dev/stdout combined;
 
-    # Upstream for local dev server
+        # Passthrough patterns go to real upstream
+        $PASSTHROUGH_LOCATIONS
+
+        # Everything else goes to local dev server
+        location / {
+            set \$backend \"${TARGET_SCHEME}://${TARGET_HOST}:${TARGET_PORT}\";
+            proxy_pass \$backend;
+            proxy_http_version 1.1;
+            proxy_set_header Host ${TARGET_HOST};
+            proxy_set_header X-Real-IP \$remote_addr;
+            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto \$scheme;
+            proxy_set_header X-Forwarded-Host \$host;
+            proxy_set_header Upgrade \$http_upgrade;
+            proxy_set_header Connection \"upgrade\";
+            proxy_read_timeout 86400;
+            proxy_ssl_server_name on;
+            proxy_ssl_name ${TARGET_HOST};
+        }
+    }"
+else
+  # For plain host:port targets, use upstream block as before
+  LOCAL_DEV_BLOCK="
     upstream local_dev {
         server $TARGET;
     }
 
-    # Upstream for real server
-    upstream real_server {
-        server $REAL_IP:443;
-    }
-
     server {
         listen 443 ssl http2;
         server_name $DOMAIN;
@@ -115,10 +151,24 @@ http {
             proxy_set_header X-Forwarded-Proto \$scheme;
             proxy_set_header X-Forwarded-Host \$host;
             proxy_set_header Upgrade \$http_upgrade;
-            proxy_set_header Connection "upgrade";
+            proxy_set_header Connection \"upgrade\";
             proxy_read_timeout 86400;
         }
-    }
+    }"
+fi
+
+cat > "$NGINX_CONF" <<EOF
+worker_processes 1;
+error_log /dev/stderr info;
+pid /tmp/nginx-dev-proxy.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    access_log /dev/stdout combined;
+$LOCAL_DEV_BLOCK
 }
 EOF