#6013 closed enhancement (fixed)
[PATCH] Support X_FORWARDED_PROTO header
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.3 |
| Component: | web frontend | Version: | |
| Severity: | normal | Keywords: | nginx proxy https |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
In many proxy configurations, specifically when running tracd behind Nginx, https:// request will get redirected to http://
One solution is to set the base_url in trac.ini. However, this effectively destroys the possibility of having http:// access.
A solution is to simple allow the proxy to set the X_FORWARDED_PROTO header. Attached is a patch to respect the X_FORWARDED_PROTO header.
An example usage in Nginx would be:
location / {
proxy_pass http://dev;
proxy_set_header X-Forwarded-Proto https;
}
Attachments (1)
Change History (10)
by , 17 years ago
| Attachment: | x_forwarded_proto.patch added |
|---|
follow-up: 4 comment:3 by , 17 years ago
What I don't get about this: if you're using something like mod_proxy_http, it should be rewriting the Host and Location headers. So if you'd have an outgoing request such as:
301 Moved Temporarily HTTP/1.1 Location: http://localhost:8080/foo
then the proxy should be translating that to the corresponding outside URL:
301 Moved Temporarily HTTP/1.1 Location: https://example.org/foo
(Using ProxyPass and ProxyPassReverse in Apache httpd)
This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like X_FORWARDED_HOST into account. It seemed like a good idea, but it just throws off the proxy logic.
What am I missing here?
follow-up: 5 comment:4 by , 17 years ago
Replying to cmlenz:
(Using
ProxyPassandProxyPassReversein Apache httpd)This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like
X_FORWARDED_HOSTinto account. It seemed like a good idea, but it just throws off the proxy logic.What am I missing here?
The fact that I'm not using apache ;) I hate apache and think it's crap (an opinion shared by many). So I don't use it. Nginx doesn't work that way. It apparently doesn't do any rewriting of responses. So you simply get redirected to http://
I'll setup an apache instance and see how that handles things.
comment:5 by , 17 years ago
Replying to John Hampton <pacopablo@pacopablo.com>:
Replying to cmlenz:
(Using
ProxyPassandProxyPassReversein Apache httpd)This stuff only works if the absolute URLs generated by Trac match the proxy configuration, which is why we're no longer taking stuff like
X_FORWARDED_HOSTinto account. It seemed like a good idea, but it just throws off the proxy logic.What am I missing here?
The fact that I'm not using apache ;) I hate apache and think it's crap (an opinion shared by many).
Well, that was just an example for what I consider the correct behavior for a reverse HTTP proxy ;)
It looks like Nginx has a similar construct, and it should even be the default IIUC:
http://wiki.codemongers.com/NginxHttpProxyModule#proxy_redirect
follow-up: 7 comment:6 by , 17 years ago
| Milestone: | 0.11 → 0.11.1 |
|---|
Probably a configuration issue, not for 0.11 anyway.
comment:7 by , 14 years ago
| Milestone: | next-minor-0.12.x |
|---|---|
| Resolution: | → worksforme |
| Status: | new → closed |
Replying to cboos:
Probably a configuration issue, not for 0.11 anyway.
If not a config issue, feel free to reopen.
comment:8 by , 13 years ago
| Component: | general → web frontend |
|---|---|
| Milestone: | → 0.12.3 |
| Resolution: | worksforme → fixed |
comment:9 by , 13 years ago
| Owner: | changed from to |
|---|
patch to support X_FORWARDED_PROTO