
[Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal

andre.peters 7 years ago
parent
commit
70ac65d794
1 changed files with 12 additions and 7 deletions
  1. 12 7
      data/conf/nginx/site.conf

+ 12 - 7
data/conf/nginx/site.conf

@@ -7,11 +7,12 @@ map $http_x_forwarded_proto $client_req_scheme {
      https https;
 }
 
-server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
-  include /etc/nginx/conf.d/server_name.active;
-  return 301 https://$host$request_uri;
+geo $non_internal {
+    default         1;
+    10.0.0.0/8      0;
+    172.16.0.0/12   0;
+    192.168.0.0/16  0;
+    fc00::/7        0;
 }
 
 server {
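Review bot: The new `geo $non_internal` block exempts all of 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and fc00::/7 from the HTTPS redirect, whereas the removed port-80 server redirected every client. Any client whose address reaches nginx as private (LAN or VPN users, or traffic that is source-NATed by a container bridge) is now served over cleartext HTTP, including any credentials it submits. `geo` keys on `$remote_addr` by default, which the realip directives further down the file can rewrite, so the classification also depends on that configuration. I would narrow the list to the subnets that really need plain HTTP and add a comment above the block such as `# clients in these ranges are NOT redirected to HTTPS; keep this list as narrow as possible`.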
@@ -32,6 +33,10 @@ server {
   include /etc/nginx/conf.d/listen_plain.active;
   include /etc/nginx/conf.d/server_name.active;
 
+  if ($non_internal) {
+    return 302 https://$server_name$request_uri;
+  }
+
   error_log  /var/log/nginx/error.log;
   access_log /var/log/nginx/access.log;
   absolute_redirect off;
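Review bot: The added `if ($non_internal)` redirect never checks the request scheme, so it fires for every non-internal request this server block handles; the block starts and ends outside the hunk. If the block also has a TLS listener, or sits behind a TLS-terminating proxy that sets `X-Forwarded-Proto`, an HTTPS request would be redirected to itself. The file already defines `$client_req_scheme`, so a map such as `map "$client_req_scheme:$non_internal" $redirect_https { default 0; "http:1" 1; }` used as `if ($redirect_https)` would limit the redirect to plain-HTTP requests, assuming that variable falls back to `$scheme` (its default is not visible here). The target also changed from `$host` to `$server_name` and from 301 to 302, so with several names in `server_name.active` every client is sent to the first one; a short comment saying this is intended would help.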
@@ -50,7 +55,7 @@ server {
   set_real_ip_from 10.0.0.0/8;
   set_real_ip_from 172.16.0.0/12;
   set_real_ip_from 192.168.0.0/16;
-  set_real_ip_from fd00::/8;
+  set_real_ip_from fc00::/7;
   real_ip_header X-Forwarded-For;
   real_ip_recursive on;
 
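Review bot: `set_real_ip_from fc00::/7` widens the set of peers whose `X-Forwarded-For` header nginx believes, on top of the three full RFC 1918 ranges. With `real_ip_recursive on`, any host in those ranges can choose the client address that ends up in the logs and, presumably, in the new `$non_internal` lookup. fc00::/7 also includes fc00::/8, which RFC 4193 leaves undefined, so it is broader than the locally assigned fd00::/8 space. I would list only the proxy or container subnet that actually sits in front of nginx and add a comment like `# only these peers may set the client address via X-Forwarded-For`. The same line is changed in the hunk at -232,7 +237,7, and the server block continues outside both hunks.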
@@ -232,7 +237,7 @@ server {
   set_real_ip_from 10.0.0.0/8;
   set_real_ip_from 172.16.0.0/12;
   set_real_ip_from 192.168.0.0/16;
-  set_real_ip_from fd00::/8;
+  set_real_ip_from fc00::/7;
   real_ip_header X-Forwarded-For;
   real_ip_recursive on;