chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gert Dewit (Issue Comment Edited) (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Edited] (CMIS-500) AtomPubUtils: Take the X-Forwarded-Host and X-Forwarded-Proto request headers into account when calculating the baseUrl
Date Thu, 09 Feb 2012 18:56:00 GMT

    [ https://issues.apache.org/jira/browse/CMIS-500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13204733#comment-13204733
] 

Gert Dewit edited comment on CMIS-500 at 2/9/12 6:54 PM:
---------------------------------------------------------

This seems a good strategy to me.
This filter can be used where the combination of the correct Apache reverse proxy config and
Tomcat RemoteIpValve is not possible (no Apache reverse proxy, No Apache Tomcat).

The sample configs below can be used with an Apache HTTP Server based reverse proxy and Apache
Tomcat as backed server.
The published url for the application is https://www.frontend.org/cmis, the Apache HTTP server
handles https termination and it's IP address is 192.168.100.254.

httpd.conf snippet:
<Location /cmis>
  RequestHeader set X-Forwarded-Proto "https"
  ProxyPreserveHost
  ProxyPass http://tomcat.backend.org:8080/cmis
  ProxyPassReverse http://tomcat.backend.org:8080/cmis
</Location>

The ProxyPreserveHost directive will pass the Original Host HTTP header to the proxied host,
for this example www.frontend.org, which will be returned by request.getServerName().

tomcat server.xml snippet:
 <Valve 
   className="org.apache.catalina.valves.RemoteIpValve"
   internalProxies="192\.168\.100\.254"
   remoteIpHeader="x-forwarded-for"
   remoteIpProxiesHeader="x-forwarded-by"
   protocolHeader="x-forwarded-proto"
   />

The valve will take care of binding the https scheme to the request.getScheme() and 443 to
request.getServerPort()
                
      was (Author: gertux):
    This seems a good strategy to me.
This filter can be used where the combination of the correct Apache reverse proxy config and
Tomcat RemoteIpValve is not possible (no Apache reverse proxy, No Apache Tomcat).

The sample configs below can be used with an Apache HTTP Server based reverse proxy and Apache
Tomcat as backed server.
The published url for the application is https://www.frontend.org/cmis, the Apache HTTP server
handles https termination and it's IP address is 192.168.100.254.

httpd.conf snippet:
<Location /cmis>
  ProxyPreserveHost
  ProxyPass http://tomcat.backend.org:8080/cmis
  ProxyPassReverse http://tomcat.backend.org:8080/cmis
</Location>

The ProxyPreserveHost directive will pass the Original Host HTTP header to the proxied host,
for this example www.frontend.org, which will be returned by request.getServerName().

tomcat server.xml snippet:
 <Valve 
   className="org.apache.catalina.valves.RemoteIpValve"
   internalProxies="192\.168\.100\.254"
   remoteIpHeader="x-forwarded-for"
   remoteIpProxiesHeader="x-forwarded-by"
   protocolHeader="x-forwarded-proto"
   />

The valve will take care of binding the https scheme to the request.getScheme() and 443 to
request.getServerPort()
                  
> AtomPubUtils: Take the X-Forwarded-Host and X-Forwarded-Proto request headers into account
when calculating the baseUrl
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: CMIS-500
>                 URL: https://issues.apache.org/jira/browse/CMIS-500
>             Project: Chemistry
>          Issue Type: Improvement
>          Components: opencmis-server
>    Affects Versions: OpenCMIS 0.7.0
>            Reporter: Gert Dewit
>            Assignee: Florian Müller
>              Labels: patch
>         Attachments: XForwardedHeaders.patch
>
>
> When the OpenCMIS server is deployed behind a reverse proxy, the service document doesn't
return the correct URLs.
> If it takes the X-Forwarded-Host and X-Forwarded-Proto request headers into account when
calculating the baseUrl the URLs are correct.
> A patch against revision 1241367 is attached.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message