Wanted to allow both HTTP and HTTPS to POST to the API of an old solution I've been maintaining lately. But the Access-Control-Allow-Origin only allows a single domain with strict scheme. This made me look around in the nginx docs again.

Since my site is also answering on multiple domains, this is pretty neat:

server_name example.com www.example.com;
location /api/ {
    add_header Access-Control-Allow-Origin "${scheme}://${server_name}";
    proxy_pass http://localhost:4242/;


  • http://nginx.org/en/docs/varindex.html
  • https://serverfault.com/questions/152194/merging-variable-with-string-in-config-file