Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wxs online resource behind varnish/load balancers #4955

Merged
merged 1 commit into from Sep 2, 2014
Merged

wxs online resource behind varnish/load balancers #4955

merged 1 commit into from Sep 2, 2014

Conversation

tbonfort
Copy link
Member

@tbonfort tbonfort commented Jul 17, 2014

Hello @tbonfort
As discussed, im opening a ticket for this feature request.
Our mapserver services are running behind varnish and load balancers.
In order to provide the correct online resource in the getcapabilities document, mapserver has to read some extra information from the http headers, set by varnish or other proxies.
So if possible, the code that builds the online resource should check for the existance of headers like:
HTTP_X_FORWARDED_PROTO
HTTP_X_FORWARDED_HOST
If they exist, they should be used for the online resource.

@dmorissette
Copy link
Contributor

dmorissette commented Jul 14, 2014

Automatically checking the HTTP_X_FORWARDED... headers would be nice, but in the meantime, you can set the ows_onlineresource metadata explicitly to the address of your load balancer.

@ltclm
Copy link
Author

ltclm commented Jul 17, 2014

Thank you for the note, yes in some cases we are already setting the onlinresource explicitely in the mapfile. In other cases this is not working, p.e. https traffic is changed into http behind varnish, thus the onlineresource is always http, in addition have several urls for one service so setting the url in the mapfile is not working. Im looking forward to a solution of this problem.

@tbonfort
Copy link
Member

tbonfort commented Jul 17, 2014

I'll be taking care of this one. Checking the HTTP_X_FORWARDED_* headers isn't as straightforward as it seems as in some cases (apache proxypass notably) HTTP_X_FORWARDED_HOST already contains the http(s):// prefix

@tbonfort
Copy link
Member

tbonfort commented Jul 17, 2014

The submitted pull-request reads the X-Forwarded-* headers if available. It does not yet treat the case where X-Forwarded-Host already contains the http(s) prefix

@tbonfort
Copy link
Member

tbonfort commented Aug 26, 2014

@ltclm were you able to test the proposed fix and confirm that it solves your issue ?

@ltclm
Copy link
Author

ltclm commented Aug 26, 2014

Not yet, we will test this fix this or next week and inform you.

@ltclm
Copy link
Author

ltclm commented Aug 28, 2014

@tbonfort We could successfully test the proposed fix.
Everything is working fine, thank you!

Get HEADER GetCap mit patch GetCap ohne Patch
HOST X_FORWARDED_PROTO X_FORWARDED_HOST X_FORWARDED_PORT OnlineResource OnlineResource
wms-bgdi.dev.bgdi.ch empty empty empty http://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch https empty 80 https://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch http empty empty http://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch empty wms-new.bgdi.ch empty http://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch https wms-new.bgdi.ch 80 https://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch http wms-new.bgdi.ch empty http://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?

@ltclm
Copy link
Author

ltclm commented Aug 29, 2014

Hello, one more remark.
Im not sure about that, but if the X_FORWARDED_HOST Header contains a comma separated list of hosts [1], the first entry should be used for the onlineresource.

[1] http://stackoverflow.com/questions/17411391/whats-the-variable-http-x-forwarded-host-in-the-env-hash-in-middleware

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants