New documentation and fixes for proxy reverse

hivesolutions · Sep 18, 2019 · f51d662 · f51d662
1 parent f22abe6
commit f51d662
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/doc/configuration.md b/doc/configuration.md
@@ -11,7 +11,6 @@
 | **UNIX_PATH** | `str` | The path to the file that is going to be used for Unix domain sockets (defaults to `$PORT`), note that under the hood the port variable is used as the path for the socket. |
 | **BACKLOG** | `int` | The number of connections to be hold waiting in queue while pending accept operation. |
 | **ALLOWED** | `list` | Sequence of IP or Subnet addresses (eg: 172.16.0.0/16) that are considered to be allowed as clients for a given server, any client connection with an IP address not contained in the list will be dropped (defaults to `[]`). |
-| **TRUST_ORIGIN** | `bool` | If the origin connection (eg: http client, proxy client, etc.) is meant to be trusted meaning that its information is considered reliable, this value is especially important for proxy to proxy relations (defaults to `False`). |
 | **CHILDREN** | `int` | Number of child processes that are meant to be created upon launch using a pre-fork approach. (defaults to `0`). |
 | **CHILD** | `int` | Same as `CHILDREN`. |
 | **MIDDLEWARE** | `list` | The middleware as a set of strings (eg: proxy) that is going to be loaded into the instance, the notation used to define the modules to be loaded should be underscore based (notice that loading extra middleware into an instance may impact the performance of the same). |
@@ -73,17 +72,21 @@
 | ----- | ----- | ----- |
 | **DYNAMIC** | `bool` | In case this value is active dynamic connection encoding is applied, meaning that extra heuristics will be applied on a response basis to determine the proper encoding of the response (eg: plain, chunked, gzip, etc.). |
 | **THROTTLE** | `bool` | If throttling of the connection stream should be applied on both ways to avoid starvation of the producer consumer relation. |
-| **STRATEGY** | `str` | The load balancing strategy that is going to be used for multiple back-end connections (defaults to `smart`). |
-| **RESOLVE** | `bool` | If the DNS based resolution of the hosts should be enabled meaning that from time to time the hostname associated with the target URLs is resolved (defaults to `True`). |
-| **RESOLVE_TIMEOUT** | `float` | The amount of seconds between DNS resolution queries (defaults to `120`). |
-| **HOST_FORWARD** | `bool` | If the `Host` header for HTTP back-end connections should be resolved from rules, avoiding `Host` header populated with the IP address (defaults to `False`). |
-| **REUSE** | `bool` | If HTTP connections/rules should be re-used from a proxy point of view, this options may pose a problem when different suffixes are used for the same host (defaults to `True`). |
+| **TRUST_ORIGIN** | `bool` | If the origin connection (eg: http client, proxy client, etc.) is meant to be trusted meaning that its information is considered reliable, this value is especially important for proxy to proxy relations (defaults to `False`). |
 
 #### Proxy Reverse
 
 | Name | Type | Description |
 | ----- | ----- | ----- |
 | **STS** | `int` | Defines the strict transport security header value (in seconds) for the reverse proxy, in case the value is zero the strict transport security is disabled (defaults to `0`). |
+| **STRATEGY** | `str` | The load balancing strategy that is going to be used for multiple back-end connections (defaults to `smart`). |
+| **RESOLVE** | `bool` | If the DNS based resolution of the hosts should be enabled meaning that from time to time the hostname associated with the target URLs is resolved (defaults to `True`). |
+| **RESOLVE_TIMEOUT** | `float` | The amount of seconds between DNS resolution queries (defaults to `120`). |
+| **HOST_FORWARD** | `bool` | If the `Host` header for HTTP back-end connections should be resolved from rules, avoiding `Host` header populated with the IP address (defaults to `False`). |
+| **REUSE** | `bool` | If HTTP connections/rules should be re-used from a proxy point of view, this options may pose a problem when different suffixes are used for the same host (defaults to `True`). |
+| **X_FORWARDED_PORT** | `str` | If defined allow "forcing" the `X-Forwarded-Port` HTTP header (defaults to `None`). |
+| **X_FORWARDED_PROTO** | `str` | If defined allow "forcing" the `X-Forwarded-Proto` HTTP header (defaults to `None`). |
+
 
 #### DNS Client
 

diff --git a/src/netius/extra/proxy_r.py b/src/netius/extra/proxy_r.py
@@ -371,8 +371,8 @@ def on_headers(self, connection, parser):
         headers["x-real-ip"] = address
         headers["x-client-ip"] = address
         headers["x-forwarded-for"] = address
-        headers["x-forwarded-proto"] = protocol
-        headers["x-forwarded-port"] = port
+        headers["x-forwarded-proto"] = self.x_forwarded_proto if self.x_forwarded_proto else protocol
+        headers["x-forwarded-port"] = self.x_forwarded_port if self.x_forwarded_port else port
         headers["x-forwarded-host"] = host_o
 
         # verifies if the current connection already contains a valid