Edgewall Software
Modify

Opened 12 years ago

Closed 9 years ago

Last modified 8 years ago

#6013 closed enhancement (fixed)

[PATCH] Support X_FORWARDED_PROTO header

Reported by: John Hampton <pacopablo@…> Owned by: John Hampton <pacopablo@…>
Priority: normal Milestone: 0.12.3
Component: web frontend Version:
Severity: normal Keywords: nginx proxy https
Cc: Branch:
Release Notes:
API Changes:

Description

In many proxy configurations, specifically when running tracd behind Nginx, https:// request will get redirected to http://

One solution is to set the base_url in trac.ini. However, this effectively destroys the possibility of having http:// access.

A solution is to simple allow the proxy to set the X_FORWARDED_PROTO header. Attached is a patch to respect the X_FORWARDED_PROTO header.

An example usage in Nginx would be:

location / {
        proxy_pass      http://dev;
        proxy_set_header  X-Forwarded-Proto  https;
}

Attachments (1)

x_forwarded_proto.patch (586 bytes ) - added by John Hampton <pacopablo@…> 12 years ago.
patch to support X_FORWARDED_PROTO

Download all attachments as: .zip

Change History (10)

by John Hampton <pacopablo@…>, 12 years ago

Attachment: x_forwarded_proto.patch added

patch to support X_FORWARDED_PROTO

comment:1 by Christopher Lenz, 12 years ago

This is related to #2553.

comment:2 by Christopher Lenz, 12 years ago

And #5064.

comment:3 by Christopher Lenz, 12 years ago

What I don't get about this: if you're using something like mod_proxy_http, it should be rewriting the Host and Location headers. So if you'd have an outgoing request such as:

   301 Moved Temporarily HTTP/1.1
   Location: http://localhost:8080/foo

then the proxy should be translating that to the corresponding outside URL:

   301 Moved Temporarily HTTP/1.1
   Location: https://example.org/foo

(Using ProxyPass and ProxyPassReverse in Apache httpd)

This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like X_FORWARDED_HOST into account. It seemed like a good idea, but it just throws off the proxy logic.

What am I missing here?

in reply to:  3 ; comment:4 by John Hampton <pacopablo@…>, 12 years ago

Replying to cmlenz:

(Using ProxyPass and ProxyPassReverse in Apache httpd)

This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like X_FORWARDED_HOST into account. It seemed like a good idea, but it just throws off the proxy logic.

What am I missing here?

The fact that I'm not using apache ;) I hate apache and think it's crap (an opinion shared by many). So I don't use it. Nginx doesn't work that way. It apparently doesn't do any rewriting of responses. So you simply get redirected to http://

I'll setup an apache instance and see how that handles things.

in reply to:  4 comment:5 by Christopher Lenz, 12 years ago

Replying to John Hampton <pacopablo@pacopablo.com>:

Replying to cmlenz:

(Using ProxyPass and ProxyPassReverse in Apache httpd)

This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like X_FORWARDED_HOST into account. It seemed like a good idea, but it just throws off the proxy logic.

What am I missing here?

The fact that I'm not using apache ;) I hate apache and think it's crap (an opinion shared by many).

Well, that was just an example for what I consider the correct behavior for a reverse HTTP proxy ;)

It looks like Nginx has a similar construct, and it should even be the default IIUC:

http://wiki.codemongers.com/NginxHttpProxyModule#proxy_redirect

comment:6 by Christian Boos, 12 years ago

Milestone: 0.110.11.1

Probably a configuration issue, not for 0.11 anyway.

in reply to:  6 comment:7 by Christian Boos, 9 years ago

Milestone: next-minor-0.12.x
Resolution: worksforme
Status: newclosed

Replying to cboos:

Probably a configuration issue, not for 0.11 anyway.

If not a config issue, feel free to reopen.

comment:8 by Jun Omae, 8 years ago

Component: generalweb frontend
Milestone: 0.12.3
Resolution: worksformefixed

Related to #8131, the patch has been applied in [10853]. Thanks!

comment:9 by Jun Omae, 8 years ago

Owner: changed from Jonas Borgström to John Hampton <pacopablo@…>

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain John Hampton <pacopablo@…>.
The resolution will be deleted. Next status will be 'reopened'.
to as closed The owner will be changed from John Hampton <pacopablo@…> to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.