Running manas behind TLS terminated reverse proxy leads to wrongly reconstructed scheme of target uri #61

Open
hexagon6 opened this issue May 3, 2024 · 1 comment
hexagon6 commented May 3, 2024

Dear @damooo

Error

Running manas gives me the following info and then error:

manas_http::service::impl_::reconstruct_target_uri: Reconstructed target uri: Proven<IsAbsolute>(HttpUri(http://example.com/databrowser.html))
    at crates/manas_http/src/service/impl_/reconstruct_target_uri.rs:164

leading to

manas_podverse::podset::service::impl_::basic: No provisioned pod resolved for request target. Error:
  - Target not in namespace.

what I would expect:

Configured root_uri matches reconstructed target uri scheme of a request.

Using binary: manas_server_single_fs_wac
Request to: https://example.com/databrowser.html -> should be able to access the databrowser.

what happens:

Browser can't connect to https://example.com/databrowser.html.

background:

I am trying to run manas behind a TLS-terminated reverse proxy.

  • Manas uses no tls configuration
  • the reverse proxy does use tls and connects in the backend via http:// to a local private IP.

log

Full log output of request to https://example.com/databrowser.html:

  2024-05-03T14:31:18.986648Z  INFO manas_http::service::impl_::reconstruct_target_uri: Reconstructed target uri: Proven<IsAbsolute>(HttpUri(http://example.com/databrowser.html))
    at crates/manas_http/src/service/impl_/reconstruct_target_uri.rs:164

  2024-05-03T14:31:18.990116Z ERROR manas_podverse::podset::service::impl_::basic: No provisioned pod resolved for request target. Error:
  - Target not in namespace.
    at crates/manas_podverse/src/podset/service/impl_/basic.rs:87
    in manas_podverse::podset::service::impl_::basic::BasicPodSetService::call
    in manas_authentication::challenge_response_framework::service::HttpCRAuthenticationService::call

configuration

My example.com config.toml:

# Should dev mode be enabled.
dev_mode = true

# Storage space config.
[storage.space]
# Uri of the storage root.
root_uri = "https://example.com/"

# Id of the storage owner.
owner_id = "https://any.owner/profile/card#me"

# Repo config.
[storage.repo]
# Whether to enable databrowser frontend.
databrowser_enabled = true

# Repo's file backend config.
[storage.repo.backend]
# Root directory.
root = "/srv/manas"

# Server configuration.
[server]
# Address at which server should listen.
addr = "0.0.0.0:3000"

Note: no [server.tls] is in the config.toml

Debugging help

Would it help if I recorded the http headers between reverse proxy and manas?
Assuming X-Forwarded-For or similar would need to be known maybe?


damooo commented Jul 4, 2024

Sorry @hexagon6 for so late a response.

Current uri handling also works with proxy headers. I should check it properly soon.
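
Added example, not part of the thread and not manas's own code: one way a backend behind a TLS-terminating proxy can recover the client's scheme from `Forwarded` / `X-Forwarded-Proto` while ignoring those headers from peers that are not the configured proxy. The function names, the trusted-proxy list, the header precedence and the IP addresses are assumptions made for the illustration.

```rust
use std::net::IpAddr;

// Case-insensitive lookup over (name, value) header pairs.
fn header<'a>(headers: &[(&str, &'a str)], name: &str) -> Option<&'a str> {
    headers.iter().find(|(k, _)| k.eq_ignore_ascii_case(name)).map(|(_, v)| *v)
}

// `proto` of the last element of an RFC 7239 Forwarded header (appended by the nearest proxy).
fn forwarded_proto(value: &str) -> Option<&str> {
    value.rsplit(',').next()?.split(';').find_map(|pair| {
        let (k, v) = pair.trim().split_once('=')?;
        k.eq_ignore_ascii_case("proto").then(|| v.trim_matches('"'))
    })
}

// Scheme the client used. Forwarding headers count only when the direct peer is a
// configured proxy; from any other peer they are client-controlled and ignored.
fn effective_scheme(peer: IpAddr, trusted: &[IpAddr], headers: &[(&str, &str)],
                    listener: &'static str) -> &'static str {
    if !trusted.contains(&peer) {
        return listener;
    }
    let claimed = header(headers, "forwarded").and_then(forwarded_proto).or_else(|| {
        header(headers, "x-forwarded-proto").and_then(|v| v.rsplit(',').next()).map(str::trim)
    });
    match claimed {
        Some(p) if p.eq_ignore_ascii_case("https") => "https",
        Some(p) if p.eq_ignore_ascii_case("http") => "http",
        _ => listener, // missing or unexpected value: fall back to the listener's scheme
    }
}

// Hypothetical helper: absolute target URI for a request received on a plain-HTTP listener.
fn target_uri(peer: IpAddr, trusted: &[IpAddr], headers: &[(&str, &str)], path: &str) -> Option<String> {
    let host = header(headers, "host")?;
    Some(format!("{}://{}{}", effective_scheme(peer, trusted, headers, "http"), host, path))
}

fn main() {
    // Constructed request, as a proxy at 10.0.0.2 might forward it to the backend.
    let proxy: IpAddr = "10.0.0.2".parse().unwrap();
    let headers = [("Host", "example.com"), ("X-Forwarded-Proto", "https")];
    let root_uri = "https://example.com/"; // root_uri from the config.toml above
    let uri = target_uri(proxy, &[proxy], &headers, "/databrowser.html").unwrap();
    // Prefix comparison stands in for the real namespace check (a simplification).
    println!("{uri} in namespace: {}", uri.starts_with(root_uri));
}
```
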
