I am having the exact same issue. I've set up devpi to be served inside a kubernetes cluster and use "edge-termination" for SSL traffic. This means that the traffic goes from the browser to K8S as HTTPS which forwards the traffic *unencrypted* to devpi. All links to resources like CSS and JS files are rendered as "http" on the returned document which causes the browser to block them. On a wild guess I assume that devpi auto-detects the protocol? If that is the case then is makes sense that the links are generated as HTTP instead of HTTPS. Because the edge-termination of SSL traffic makes devpi blissfully unaware that there is SSL in place. So there would need to be a way to force devpi to generate links as HTTPS instead of HTTP. Is there a way to do this?
It seems that this may be related to https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#p... I'll try to fiddle-together a quick PR to expose the "kwargs" of that function via the existing devpi yaml config.
Hi, The issue you face comes from waitress AFAIR - https://docs.pylonsproject.org/projects/waitress/en/stable/reverse-proxy.htm... I had the same issue on my setup. Make sure to properly set X-outside-url and pass X-Forwarded-For X-Forwarded-Host X-Forwarded-Serverl headers on your cluster ingress. I hope this helps, Mariusz pt., 12 lip 2019 o 09:58 Michel Albert <exhuma@gmail.com> napisał(a):
I'm actually not quite sure how to do this in OpenShift... I'll need to investigate.
The X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Port headers are the preferred way. https://docs.pylonsproject.org/projects/waitress/en/stable/reverse-proxy.htm... The X-Outside-URL header is required when devpi isn't served on the root of the domain, i.e. https://example.com/devpi instead of https://example.com. As a last resort there is the --outside-url command line option, but this always rewrites the URLs. In your case this might be a way to get it to work if you can't get the headers set. Regards, Florian Schulze On 12 Jul 2019, at 11:32, Michel Albert wrote:
Thanks for the reply. We are currently uncertain if the K8S sets these headers. And we will investigate. In any case, I will (for now) use the `--outside-url` argument. It works as advertised :) Thanks a lot for the quick reply. It solves our issue :)
It seems that this may be related to https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#p... I'll try to fiddle-together a quick PR to expose the "kwargs" of that function via the existing devpi yaml config.
Hi, The issue you face comes from waitress AFAIR - https://docs.pylonsproject.org/projects/waitress/en/stable/reverse-proxy.htm... I had the same issue on my setup. Make sure to properly set X-outside-url and pass X-Forwarded-For X-Forwarded-Host X-Forwarded-Serverl headers on your cluster ingress. I hope this helps, Mariusz pt., 12 lip 2019 o 09:58 Michel Albert <exhuma@gmail.com> napisał(a):
I'm actually not quite sure how to do this in OpenShift... I'll need to investigate.
The X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Port headers are the preferred way. https://docs.pylonsproject.org/projects/waitress/en/stable/reverse-proxy.htm... The X-Outside-URL header is required when devpi isn't served on the root of the domain, i.e. https://example.com/devpi instead of https://example.com. As a last resort there is the --outside-url command line option, but this always rewrites the URLs. In your case this might be a way to get it to work if you can't get the headers set. Regards, Florian Schulze On 12 Jul 2019, at 11:32, Michel Albert wrote:
Thanks for the reply. We are currently uncertain if the K8S sets these headers. And we will investigate. In any case, I will (for now) use the `--outside-url` argument. It works as advertised :) Thanks a lot for the quick reply. It solves our issue :)
participants (4)
-
Florian Schulze -
Mariusz Rusiniak -
Michel Albert -
Michel Albert