Allow proxying to full urls with https

2026-02-09 13:26:08 +02:00
parent 0e9b3e35df
commit acbfc98a36
1 changed files with 68 additions and 18 deletions
--- a/dev-proxy.sh
+++ b/dev-proxy.sh
@@ -1,9 +1,27 @@
 #!/bin/bash
 DOMAIN=$1
-TARGET=$2
+TARGET_RAW=$2
 PATTERNS=$3
 REAL_IP_OVERRIDE=$4
 HOSTS_LINE="127.0.0.1 $DOMAIN"
+
+# Parse TARGET: support both host:port and full URLs (http:// or https://)
+if [[ "$TARGET_RAW" =~ ^https?:// ]]; then
+  TARGET_SCHEME=$(echo "$TARGET_RAW" | sed -E 's|^(https?)://.*|\1|')
+  TARGET_HOST=$(echo "$TARGET_RAW" | sed -E 's|^https?://([^/:]+).*|\1|')
+  TARGET_PORT=$(echo "$TARGET_RAW" | sed -E 's|^https?://[^/:]+:?([0-9]*)/?\s*$|\1|')
+  if [ -z "$TARGET_PORT" ]; then
+    if [ "$TARGET_SCHEME" = "https" ]; then
+      TARGET_PORT=443
+    else
+      TARGET_PORT=80
+    fi
+  fi
+  TARGET="${TARGET_HOST}:${TARGET_PORT}"
+else
+  TARGET_SCHEME="http"
+  TARGET="$TARGET_RAW"
+fi
 NGINX_CONF=$(mktemp)
 CERT_DIR=$(pwd)
 CLEANUP_DONE=0
@@ -73,28 +91,46 @@ if [ -n "$PATTERNS" ]; then
  done
 fi

-cat > "$NGINX_CONF" <<EOF
-worker_processes 1;
-error_log /dev/stderr info;
-pid /tmp/nginx-dev-proxy.pid;
+if [ "$TARGET_SCHEME" = "https" ]; then
+  # For HTTPS targets, use proxy_pass directly (no upstream block)
+  # so nginx handles SNI correctly per-request
+  LOCAL_DEV_BLOCK="
+    server {
+        listen 443 ssl http2;
+        server_name $DOMAIN;

-events {
-    worker_connections 1024;
-}
+        ssl_certificate $CERT_DIR/$DOMAIN.pem;
+        ssl_certificate_key $CERT_DIR/$DOMAIN-key.pem;

-http {
-    access_log /dev/stdout combined;
+        resolver 8.8.8.8 1.1.1.1 ipv6=off;

-    # Upstream for local dev server
+        # Passthrough patterns go to real upstream
+        $PASSTHROUGH_LOCATIONS
+
+        # Everything else goes to local dev server
+        location / {
+            set \$backend \"${TARGET_SCHEME}://${TARGET_HOST}:${TARGET_PORT}\";
+            proxy_pass \$backend;
+            proxy_http_version 1.1;
+            proxy_set_header Host ${TARGET_HOST};
+            proxy_set_header X-Real-IP \$remote_addr;
+            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto \$scheme;
+            proxy_set_header X-Forwarded-Host \$host;
+            proxy_set_header Upgrade \$http_upgrade;
+            proxy_set_header Connection \"upgrade\";
+            proxy_read_timeout 86400;
+            proxy_ssl_server_name on;
+            proxy_ssl_name ${TARGET_HOST};
+        }
+    }"
+else
+  # For plain host:port targets, use upstream block as before
+  LOCAL_DEV_BLOCK="
    upstream local_dev {
        server $TARGET;
    }

-    # Upstream for real server
-    upstream real_server {
-        server $REAL_IP:443;
-    }
-
    server {
        listen 443 ssl http2;
        server_name $DOMAIN;
@@ -115,10 +151,24 @@ http {
            proxy_set_header X-Forwarded-Proto \$scheme;
            proxy_set_header X-Forwarded-Host \$host;
            proxy_set_header Upgrade \$http_upgrade;
-            proxy_set_header Connection "upgrade";
+            proxy_set_header Connection \"upgrade\";
            proxy_read_timeout 86400;
        }
-    }
+    }"
+fi
+
+cat > "$NGINX_CONF" <<EOF
+worker_processes 1;
+error_log /dev/stderr info;
+pid /tmp/nginx-dev-proxy.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    access_log /dev/stdout combined;
+$LOCAL_DEV_BLOCK
 }
 EOF