#6013 closed enhancement (fixed)
[PATCH] Support X_FORWARDED_PROTO header
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | normal | Milestone: | 0.12.3 |
Component: | web frontend | Version: | |
Severity: | normal | Keywords: | nginx proxy https |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
In many proxy configurations, specifically when running tracd behind Nginx, https:// request will get redirected to http://
One solution is to set the base_url
in trac.ini. However, this effectively destroys the possibility of having http:// access.
A solution is to simple allow the proxy to set the X_FORWARDED_PROTO
header. Attached is a patch to respect the X_FORWARDED_PROTO
header.
An example usage in Nginx would be:
location / { proxy_pass http://dev; proxy_set_header X-Forwarded-Proto https; }
Attachments (1)
Change History (10)
by , 17 years ago
Attachment: | x_forwarded_proto.patch added |
---|
follow-up: 4 comment:3 by , 17 years ago
What I don't get about this: if you're using something like mod_proxy_http, it should be rewriting the Host and Location headers. So if you'd have an outgoing request such as:
301 Moved Temporarily HTTP/1.1 Location: http://localhost:8080/foo
then the proxy should be translating that to the corresponding outside URL:
301 Moved Temporarily HTTP/1.1 Location: https://example.org/foo
(Using ProxyPass
and ProxyPassReverse
in Apache httpd)
This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like X_FORWARDED_HOST
into account. It seemed like a good idea, but it just throws off the proxy logic.
What am I missing here?
follow-up: 5 comment:4 by , 17 years ago
Replying to cmlenz:
(Using
ProxyPass
andProxyPassReverse
in Apache httpd)This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like
X_FORWARDED_HOST
into account. It seemed like a good idea, but it just throws off the proxy logic.What am I missing here?
The fact that I'm not using apache ;) I hate apache and think it's crap (an opinion shared by many). So I don't use it. Nginx doesn't work that way. It apparently doesn't do any rewriting of responses. So you simply get redirected to http://
I'll setup an apache instance and see how that handles things.
comment:5 by , 17 years ago
Replying to John Hampton <pacopablo@pacopablo.com>:
Replying to cmlenz:
(Using
ProxyPass
andProxyPassReverse
in Apache httpd)This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like
X_FORWARDED_HOST
into account. It seemed like a good idea, but it just throws off the proxy logic.What am I missing here?
The fact that I'm not using apache ;) I hate apache and think it's crap (an opinion shared by many).
Well, that was just an example for what I consider the correct behavior for a reverse HTTP proxy ;)
It looks like Nginx has a similar construct, and it should even be the default IIUC:
http://wiki.codemongers.com/NginxHttpProxyModule#proxy_redirect
follow-up: 7 comment:6 by , 17 years ago
Milestone: | 0.11 → 0.11.1 |
---|
Probably a configuration issue, not for 0.11 anyway.
comment:7 by , 15 years ago
Milestone: | next-minor-0.12.x |
---|---|
Resolution: | → worksforme |
Status: | new → closed |
Replying to cboos:
Probably a configuration issue, not for 0.11 anyway.
If not a config issue, feel free to reopen.
comment:8 by , 13 years ago
Component: | general → web frontend |
---|---|
Milestone: | → 0.12.3 |
Resolution: | worksforme → fixed |
comment:9 by , 13 years ago
Owner: | changed from | to
---|
patch to support X_FORWARDED_PROTO