You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I got the issue on the setup from #2060, but I believe it's not necessary to build the setup and maybe only two vhosts are required, probably even for the same server group. The issue happens with config
listen 80;
listen 443 proto=h2;
cache 2;
cache_fulfill * *;
cache_methods GET HEAD;
cache_purge;
# Allow purging from the containers (upstream), localhost (VM) and the host.
cache_purge_acl 192.168.100.1 10.245.18.154 127.0.0.1;
access_log on;
frang_limits {
request_rate 200;
http_method_override_allowed true;
http_methods post put get;
}
block_action attack reply;
block_action error reply;
# Make WordPress to work over TLS.
# See https://tempesta-tech.com/knowledge-base/WordPress-tips-and-tricks/
req_hdr_add X-Forwarded-Proto "https";
resp_hdr_set Strict-Transport-Security "max-age=31536000; includeSubDomains";
tls_certificate /etc/tempesta/tfw-root.crt;
tls_certificate_key /etc/tempesta/tfw-root.key;
srv_group production {
server 10.245.18.154 conns_n=2;
}
srv_group staging {
server 10.245.18.235 conns_n=2;
}
vhost tempesta-tech.com {
proxy_pass production;
}
vhost staging.tempesta-tech.com {
req_hdr_set host "tempesta-tech.com";
proxy_pass staging;
}
http_chain {
# Redirect old URLs from the old static website
uri == "/index" -> 301 = /;
uri == "/development-services" -> 301 = /network-security-performance-analysis;
# Proably outdated redirects
uri == "/index.html" -> 301 = /;
uri == "/services" -> 301 = /development-services;
uri == "/services.html" -> 301 = /development-services;
uri == "/c++-services" -> 301 = /development-services;
uri == "/company.html" -> 301 = /company;
uri == "/blog/fast-programming-languages-c-c++-rust-assembly" -> 301 = /blog/fast-programming-languages-c-cpp-rust-assembly;
host == staging.tempesta-tech.com -> staging.tempesta-tech.com;
host == "tempesta-tech.com" -> tempesta-tech.com;
}
In particular, I see that an HTTP request going to the 10.245.18.235 upstream contain the rewritten host from tempesta-tech.com to staging.tempesta-tech.com. This is the job of req_hdr_set host "tempesta-tech.com"; declared in the vhost configuration. However, I also expected that the request also should contain x-forwarded-proto: https from the global configuration req_hdr_add X-Forwarded-Proto "https"; ,but it doesn't happen and I see with tcpdump that a request is forwarded as
I got the issue on the setup from #2060, but I believe it's not necessary to build the setup and maybe only two vhosts are required, probably even for the same server group. The issue happens with config
In particular, I see that an HTTP request going to the 10.245.18.235 upstream contain the rewritten host from
tempesta-tech.com
tostaging.tempesta-tech.com
. This is the job ofreq_hdr_set host "tempesta-tech.com";
declared in the vhost configuration. However, I also expected that the request also should containx-forwarded-proto: https
from the global configurationreq_hdr_add X-Forwarded-Proto "https";
,but it doesn't happen and I see with tcpdump that a request is forwarded asI.e.
x-forwarded-proto: https
isn't set and I get 301 redirect from WordPress.If I add the header to the configuration
then I see the header in the forwarded HTTP request to the staging container.
Need to either fix the code or describe the behavior in the Wiki. Also we need a test for this, @RomanBelozerov FYI
The text was updated successfully, but these errors were encountered: