A typical Nginx setup uses fastcgi_pass directives to pass the request to the PHP-FPM daemon. If you would be running an Apache setup, Apache would automatically set the HTTPS server variable, that PHP code can check via $_SERVER['HTTPS'] to determine if the request is HTTP or HTTPs.

In fact, that’s how most CMS’s (WordPress, Drupal, …) determine the server environment. They’ll also use it for redirects from HTTP-to-HTTPs or vica versa, depending on the config. So the existence of the $_SERVER['HTTPS'] variable is pretty crucial.

Nginx doesn’t pass the variable by default to the PHP-FPM daemon when you use fastcgi_pass, but it is easily added.

A basic example in Nginx looks like this.

include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

# Check if the PHP source file exists (prevents the cgi.fix_pathinfo=1 exploits)
if (-f $request_filename) {
    fastcgi_pass   backend_php; # This backend is defined elsewhere in your Nginx configs
}

The example above is a classic one, that just passes all to PHP. In order to make PHP-FPM aware of your HTTPs setup, you need to add a fastcgi_param environment variable to the config.

include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

# Make PHP-FPM aware that this vhost is HTTPs enabled
fastcgi_param  HTTPS 'on';

# Check if the PHP source file exists (prevents the cgi.fix_pathinfo=1 exploits)
if (-f $request_filename) {
    fastcgi_pass   backend_php; # This backend is defined elsewhere in your Nginx configs
}

The solution is in the fastcgi_param HTTPS 'on'; line, which passes the HTTPS variable to the PHP-FPM daemon.

来自  https://ma.ttias.be/setting-https-server-variables-in-php-fpm-with-nginx/

PHP-FPM + Nginx 架构下解决SSL不输出 $_SERVER['HTTPS'] 问题

背景： 最近在搭建Discuz X，因为考虑支持HTTPS，所以按照经验来部署证书，服务器用的是阿里云的云服务，选择了LNMP。但是chrome一直都提示不安全，还提示此网页正试图从未经验证的来源加载脚本 。这说明我页面上加载的资源不纯粹是https的，有部分是http的或者有些资源不支持https却用了https。打开浏览器控制台找到提示的源，发现基本都是功能组件加载的时候是以http加载的。
在搜索学习之后，才定位到问题所在，例如在source/class/discuz/discuz_application.php文件中

$_G['isHTTPS'] = ($_SERVER['HTTPS'] && strtolower($_SERVER['HTTPS']) != 'off') ? true : false;

使用$_SERVER['HTTPS']来判断是http还是https,但在Nginx+PHP-FPM架构下，nginx使用fastcgi_pass指令将请求传递给PHP-FPM，但是在使用fastcgi_pass时，Nginx默认不会将HTTPS传递给PHP-FPM。如果你使用的是Apache，它就会自动设置HTTPS服务器变量，PHP代码可以通过$ _SERVER ['HTTPS']检查以确定请求是HTTPS还是HTTP。那现在就需要需改nginx配置或者discuz程序来解决问题。基于服务器的兼容性考虑，还是修改nginx配置。因为很多CMS程序（WordPress，Drupal，...）都是使用$ _SERVER ['HTTPS']来确定请求是HTTPS还是HTTP。修改方法如下：

方法1：增加 一个fastcgi_param 环境变量即可。

fastcgi_param  HTTPS 'on';

将上述代码添加至网站对应的Nginx配置文件中。但要注意，按我理解，这样也会导致一个问题。因为这种方式属于写死环境变量，在此环境变量生效的区域，服务器无法判断是http请求还是https请求。如果你的站点两种请求都支持，建议把两种请求的配置分开写，类似与人工预设请求的类型。我的网站决定已经只支持https，所以这种方式问题不大，http的请求也设置了跳转至https。所以我只需要是写在虚拟机配置文件中即可。

方法2：修改web程序的判断方式，不要只根据环境变量来判断，增加一个请求的端口的判断条件。我们一般HTTP请求都使用80端口，而HTTPS则使用443端口。按照这个思路，可以将上诉文件中的代码改为如下所示。

$_G['isHTTPS'] = ($_SERVER['SERVER_PORT'] == 443 || $_SERVER['HTTPS'] && strtolower($_SERVER['HTTPS']) != 'off') ? true : false;

方法3：你要把代理程序改成Apache我也是没办法啊。

后记：记得检查其他引用资料是否为https 比如模板中备案号查询地址等处。有问题欢迎留言讨论！

来自  https://www.jianshu.com/p/b51ac3bec677