1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
5 // Package railsproxy implements Arvados APIs by proxying to the
6 // RailsAPI server on the local machine.
15 "git.curoverse.com/arvados.git/lib/controller/rpc"
16 "git.curoverse.com/arvados.git/sdk/go/arvados"
19 // For now, FindRailsAPI always uses the rails API running on this
21 func FindRailsAPI(cluster *arvados.Cluster) (*url.URL, bool, error) {
23 for target := range cluster.Services.RailsAPI.InternalURLs {
24 target := url.URL(target)
26 if strings.HasPrefix(target.Host, "localhost:") || strings.HasPrefix(target.Host, "127.0.0.1:") || strings.HasPrefix(target.Host, "[::1]:") {
31 return nil, false, fmt.Errorf("Services.RailsAPI.InternalURLs is empty")
33 return best, cluster.TLS.Insecure, nil
36 func NewConn(cluster *arvados.Cluster) *rpc.Conn {
37 url, insecure, err := FindRailsAPI(cluster)
41 conn := rpc.NewConn(cluster.ClusterID, url, insecure, rpc.PassthroughTokenProvider)
42 // If Rails is running with force_ssl=true, this
43 // "X-Forwarded-Proto: https" header prevents it from
44 // redirecting our internal request to an invalid https URL.
45 conn.SendHeader = http.Header{"X-Forwarded-Proto": []string{"https"}}