From 907b0b6de92bcfd0906d484db1058dc5cafb9ec5 Mon Sep 17 00:00:00 2001
From: Jonathan Niles <jniles@users.noreply.github.com>
Date: Sat, 27 Dec 2025 11:45:20 -0600
Subject: [PATCH] Update X-Forwarded-Proto directive in backend.conf

Updates the nginx odk setup script to point to the correct nginx configuration file when pinning `X-Forwarded-Proto` to 'https'.  Fixes a minor regression introduced during refactoring in 924d320112b1e5d5929803a51f3bad7056d1295e.

For more discussion, see https://forum.getodk.org/t/setting-up-central-behind-a-proxy-this-authentication-method-is-only-available-over-https/57236/10.
---
 files/nginx/setup-odk.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/nginx/setup-odk.sh b/files/nginx/setup-odk.sh
index 407fdb3c7..d192c3acd 100755
--- a/files/nginx/setup-odk.sh
+++ b/files/nginx/setup-odk.sh
@@ -59,7 +59,7 @@ else
     # strip out all ssl_* directives
     perl -i -ne 's/listen 443.*/listen 80;/; print if ! /ssl_/' /etc/nginx/conf.d/odk.conf
     # force https because we expect SSL upstream
-    perl -i -pe 's/X-Forwarded-Proto \$scheme/X-Forwarded-Proto https/;' /etc/nginx/conf.d/odk.conf
+    perl -i -pe 's/X-Forwarded-Proto \$scheme/X-Forwarded-Proto https/;' /usr/share/odk/nginx/backend.conf
     echo "starting nginx for upstream ssl..."
   else
     # remove letsencrypt challenge reply, but keep 80 to 443 redirection