Update force_https.conf

Author: OSPanel

resources/modules/Nginx/conf/snippets/force_https.conf

@@ -1,5 +1,17 @@
-# Redirect all HTTP requests to HTTPS
+# Redirect to HTTPS if request is insecure:
+# - direct HTTP (nginx sees $scheme=http)
+# - and NOT already HTTPS on an upstream proxy (X-Forwarded-Proto != https)
 
-if ($scheme ~* ^(?!https).*$) {
-    return 301 https://$host$request_uri;
+set $redirect_to_https 0;
+
+if ($scheme != "https") {
+    set $redirect_to_https 1;
+}
+
+if ($http_x_forwarded_proto ~* '(^|,\s*)https($|,\s*)') {
+    set $redirect_to_https 0;
 }
+
+if ($redirect_to_https) {
+    return 301 https://$host$request_uri;
+}