projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 751cd38)
13497: Fix Rails redirect targets.
authorTom Clegg <tclegg@veritasgenetics.com>
Thu, 12 Jul 2018 18:09:59 +0000 (14:09 -0400)
committerTom Clegg <tclegg@veritasgenetics.com>
Fri, 13 Jul 2018 14:54:51 +0000 (10:54 -0400)
Rails relies on the X-Forwarded-Proto request header, so we need to
set that in the test suite's Nginx config, like we do in the install
guide.

Also tidy up needlessly divergent proxy directives in Nginx test
config.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

lib/controller/handler.go patch | blob | history
sdk/python/tests/nginx.conf patch | blob | history

diff --git a/lib/controller/handler.go b/lib/controller/handler.go
index 92ded6301f3975245c13eadf398d387303dd216e..30994130d5a3312de1a2485cc426076467cd1a55 100644 (file)
--- a/lib/controller/handler.go
+++ b/lib/controller/handler.go
@@ -94,6 +94,9 @@ func (h *Handler) proxyRailsAPI(w http.ResponseWriter, reqIn *http.Request) {
                xff = xffIn + "," + xff
        }
        hdrOut.Set("X-Forwarded-For", xff)
+       if hdrOut.Get("X-Forwarded-Proto") == "" {
+               hdrOut.Set("X-Forwarded-Proto", reqIn.URL.Scheme)
+       }
        hdrOut.Add("Via", reqIn.Proto+" arvados-controller")
 
        ctx := reqIn.Context()
diff --git a/sdk/python/tests/nginx.conf b/sdk/python/tests/nginx.conf
index ce1929fdf710b5960df392cfe348016b4309becb..4fe0c7ae7b34df21c183328b0058c40dc50ed185 100644 (file)
--- a/sdk/python/tests/nginx.conf
+++ b/sdk/python/tests/nginx.conf
@@ -19,6 +19,10 @@ http {
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
       proxy_pass http://arv-git-http;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
     }
   }
   upstream keepproxy {
@@ -31,6 +35,10 @@ http {
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
       proxy_pass http://keepproxy;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
     }
   }
   upstream keep-web {
@@ -43,8 +51,10 @@ http {
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
       proxy_pass http://keep-web;
-      proxy_set_header Host $request_host:{{KEEPWEBPORT}};
+      proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
     }
   }
   server {
@@ -56,7 +66,8 @@ http {
       proxy_pass http://keep-web;
       proxy_set_header Host download:{{KEEPWEBPORT}};
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_redirect //download:{{KEEPWEBPORT}}/ https://$host:{{KEEPWEBDLSSLPORT}}/;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect https://download:{{KEEPWEBPORT}}/ https://$host:{{KEEPWEBDLSSLPORT}}/;
     }
   }
   upstream ws {
@@ -71,8 +82,10 @@ http {
       proxy_pass http://ws;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
-      proxy_set_header Host $request_host:{{WSPORT}};
+      proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
     }
   }
   upstream controller {
@@ -85,7 +98,10 @@ http {
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
       proxy_pass http://controller;
+      proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
     }
   }
 }