Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reverse proxy not done correctly #104

Open
djzort opened this issue Jun 22, 2020 · 7 comments
Open

Reverse proxy not done correctly #104

djzort opened this issue Jun 22, 2020 · 7 comments

Comments

@djzort
Copy link
Contributor

djzort commented Jun 22, 2020

The changes in #101 are not what you want

People should just use

https://metacpan.org/pod/Plack::Middleware::ReverseProxy

Which covers of all the variables
@hidden-primary-net
Copy link
Contributor

Hello @djzort, thanks for your hint, I'll have another look at it.

@hidden-primary-net
Copy link
Contributor

Hi @djzort, what is your proposal?
The swagger spec part is created once, I do not see how a middleware could kick in here.

@djzort
Copy link
Contributor Author

djzort commented Jun 23, 2020
edited
Loading

Possibly P::M::ReverseProxy wont do it at this moment, but along those lines my concern is that reverse proxy variables are notoriously non standard (hence the X). Although there is actually now a standard in https://tools.ietf.org/html/rfc7239

It would be better to make use of an external module who's purpose is to make sense of reverse proxies, rather than taking on maintaining a solution to the problem in Raisin

@hidden-primary-net
Copy link
Contributor

So you're suggesting to provide the correct values to Raisin? At the moment the plugin takes care, this would require to move the environment handling from the plugins to Raisin itself and to have the plugins configured when needed. Did I get you right?

@djzort
Copy link
Contributor Author

djzort commented Jun 24, 2020

Ideally it should be handled by Plack::Middleware if thats what you mean, since its a protocol mutator

@khrt
Copy link
Owner

khrt commented Jun 24, 2020

@hidden-primary-net, I'd like to try to reproduce your problem to see how it can be solved with Plack middlewares.

To do that would you mind telling me what software do you use for proxying, and if it is configured a some special way? Would you mind helping with this?

@hidden-primary-net
Copy link
Contributor

Hi @khrt, we have the swagger service running in a plack process bound to localhost. An apache reverse proxy in front does the TLS termination. It's not too magical:

<VirtualHost *:443>
  ServerName ...

  ## Vhost docroot
  DocumentRoot ...

  <Location "/swagger/x/">
    Require valid-user
    AuthType basic
    AuthName "Restricted area"
    AuthBasicProvider file
    AuthUserFile ...
      ## Request Header rules
            RequestHeader set X-BSS ...
  </Location>

  ## Logging
  ErrorLog ...
  CustomLog ...
  ServerSignature Off

  ## Proxy rules
  ProxyRequests Off
  ProxyPreserveHost Off
  ProxyPass /probe !
  ProxyPassReverse /probe !
  ProxyPass /swagger/x/ http://localhost:30180/
  ProxyPassReverse /swagger/x/ http://localhost:30180/

  ## SSL directives
  SSLEngine on
  SSLCertificateFile ...
  SSLCertificateKeyFile ...
  SSLProtocol ...
  SSLCipherSuite ...
  SSLVerifyClient ...

  ## Custom fragment
  ProxyTimeout 180
</VirtualHost>

What bit me was that initially calling http://localhost:30180/swagger initializes the spec info for the live of the process with the localhost data. We also want to use a swagger-ui that relies on the information from the swagger file, they need to be correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@khrt @djzort @hidden-primary-net