Need help with reverse proxy config and Devi-Web
I'm having trouble with a reverse-proxy config and could use some assistance. We have the following setup: LOAD BALANCER Accepts requests via the official hostname and HTTPS (port 443) Forwards requests to Devpi Nginx server Sends headers X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto matching the official hostname, HTTPS, and 443. DEVPI NGINX SERVER Accepts requests via port 80 Serves requests for +f files directly (works perfectly) Forwards remaining requests to Devpi Python server DOES NOT override headers X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto (I have those proxy_set_header values from the recommended nginx.conf commented out so that Nginx doesn't override them) DOES NOT send header X-Outside-Url (I also have that commented out) The behavior is that all links, CSS tags, and JavaScript tags point to http://localhost/... instead of https://the.correct.domain.name/... What do I need to change to make Devpi properly use the X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto headers coming from the load balancer? Thanks, Nick
Hi! In the nginx config set the X-outside-url header with something like this (didn't test, might need to be adjusted): proxy_set_header X-outside-url $http_x_forwarded_proto://$http_x_forwarded_host:$http_x_forwarded_port; Regards, Florian Schulze On 18 Dec 2019, at 22:10, Nicholas Williams wrote:
I'm having trouble with a reverse-proxy config and could use some assistance.
We have the following setup:
LOAD BALANCER Accepts requests via the official hostname and HTTPS (port 443) Forwards requests to Devpi Nginx server Sends headers X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto matching the official hostname, HTTPS, and 443.
DEVPI NGINX SERVER Accepts requests via port 80 Serves requests for +f files directly (works perfectly) Forwards remaining requests to Devpi Python server DOES NOT override headers X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto (I have those proxy_set_header values from the recommended nginx.conf commented out so that Nginx doesn't override them) DOES NOT send header X-Outside-Url (I also have that commented out)
The behavior is that all links, CSS tags, and JavaScript tags point to http://localhost/... instead of https://the.correct.domain.name/...
What do I need to change to make Devpi properly use the X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto headers coming from the load balancer?
Thanks,
Nick
_______________________________________________ devpi-dev mailing list -- devpi-dev@python.org To unsubscribe send an email to devpi-dev-leave@python.org https://mail.python.org/mailman3/lists/devpi-dev.python.org/
Yes, that's what I tried originally, and it worked for external traffic, but it also made it impossible to use the Devpi client locally on the same machine Devpi is running. The Devpi client would only work remotely through the load balancer. In case this helps out anyone else, this is how I solved this problem dynamically. First, I placed these "map" blocks just within the "http" block (above the "server" block) in nginx.conf: map $http_x_forwarded_proto $the_scheme { default $scheme; https https; } map $http_x_forwarded_host $the_host { default $host; ~. $http_x_forwarded_host; } map $http_x_forwarded_port $the_port { default $server_port; 443 443; } Then, I updated "location @proxy_to_app" to look like this: location @proxy_to_app { proxy_pass http://unix:/tmp/devpi-server.sock:; proxy_pass_request_headers on; proxy_set_header X-outside-url $the_scheme://$the_host:$the_port; proxy_set_header X-Forwarder-Proto $the_scheme; proxy_set_header X-Forwarded-Host $the_host; proxy_set_header X-Forwarded-Port $the_port; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; expires -1; # no-cache } It works perfectly this way. Devpi web and client both work correctly remotely through the load balancer, and the Devpi client still works correctly locally on the same machine on which Devpi is running. Thanks, Nick On Thu, Dec 19, 2019 at 3:17 AM Florian Schulze <mail@florian-schulze.net> wrote:
Hi!
In the nginx config set the X-outside-url header with something like this (didn't test, might need to be adjusted):
proxy_set_header X-outside-url $http_x_forwarded_proto://$http_x_forwarded_host:$http_x_forwarded_port;
Regards, Florian Schulze
On 18 Dec 2019, at 22:10, Nicholas Williams wrote:
I'm having trouble with a reverse-proxy config and could use some assistance.
We have the following setup:
LOAD BALANCER Accepts requests via the official hostname and HTTPS (port 443) Forwards requests to Devpi Nginx server Sends headers X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto matching the official hostname, HTTPS, and 443.
DEVPI NGINX SERVER Accepts requests via port 80 Serves requests for +f files directly (works perfectly) Forwards remaining requests to Devpi Python server DOES NOT override headers X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto (I have those proxy_set_header values from the recommended nginx.conf commented out so that Nginx doesn't override them) DOES NOT send header X-Outside-Url (I also have that commented out)
The behavior is that all links, CSS tags, and JavaScript tags point to http://localhost/... instead of https://the.correct.domain.name/...
What do I need to change to make Devpi properly use the X-Forwaded-Port, X-Forwarded-Host, X-Forwarded-Proto headers coming from the load balancer?
Thanks,
Nick
_______________________________________________ devpi-dev mailing list -- devpi-dev@python.org To unsubscribe send an email to devpi-dev-leave@python.org https://mail.python.org/mailman3/lists/devpi-dev.python.org/
participants (2)
-
Florian Schulze
-
Nicholas Williams