New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wxs online resource behind varnish/load balancers #4955

Merged
merged 1 commit into from Sep 2, 2014

Conversation

Projects
None yet
3 participants
@tbonfort
Member

tbonfort commented Jul 17, 2014

Hello @tbonfort
As discussed, im opening a ticket for this feature request.
Our mapserver services are running behind varnish and load balancers.
In order to provide the correct online resource in the getcapabilities document, mapserver has to read some extra information from the http headers, set by varnish or other proxies.
So if possible, the code that builds the online resource should check for the existance of headers like:
HTTP_X_FORWARDED_PROTO
HTTP_X_FORWARDED_HOST
If they exist, they should be used for the online resource.

@dmorissette

This comment has been minimized.

Show comment
Hide comment
@dmorissette

dmorissette Jul 14, 2014

Contributor

Automatically checking the HTTP_X_FORWARDED... headers would be nice, but in the meantime, you can set the ows_onlineresource metadata explicitly to the address of your load balancer.

Contributor

dmorissette commented Jul 14, 2014

Automatically checking the HTTP_X_FORWARDED... headers would be nice, but in the meantime, you can set the ows_onlineresource metadata explicitly to the address of your load balancer.

@ltclm

This comment has been minimized.

Show comment
Hide comment
@ltclm

ltclm Jul 17, 2014

Thank you for the note, yes in some cases we are already setting the onlinresource explicitely in the mapfile. In other cases this is not working, p.e. https traffic is changed into http behind varnish, thus the onlineresource is always http, in addition have several urls for one service so setting the url in the mapfile is not working. Im looking forward to a solution of this problem.

ltclm commented Jul 17, 2014

Thank you for the note, yes in some cases we are already setting the onlinresource explicitely in the mapfile. In other cases this is not working, p.e. https traffic is changed into http behind varnish, thus the onlineresource is always http, in addition have several urls for one service so setting the url in the mapfile is not working. Im looking forward to a solution of this problem.

@tbonfort

This comment has been minimized.

Show comment
Hide comment
@tbonfort

tbonfort Jul 17, 2014

Member

I'll be taking care of this one. Checking the HTTP_X_FORWARDED_* headers isn't as straightforward as it seems as in some cases (apache proxypass notably) HTTP_X_FORWARDED_HOST already contains the http(s):// prefix

Member

tbonfort commented Jul 17, 2014

I'll be taking care of this one. Checking the HTTP_X_FORWARDED_* headers isn't as straightforward as it seems as in some cases (apache proxypass notably) HTTP_X_FORWARDED_HOST already contains the http(s):// prefix

tbonfort added a commit to tbonfort/mapserver that referenced this pull request Jul 17, 2014

@tbonfort

This comment has been minimized.

Show comment
Hide comment
@tbonfort

tbonfort Jul 17, 2014

Member

The submitted pull-request reads the X-Forwarded-* headers if available. It does not yet treat the case where X-Forwarded-Host already contains the http(s) prefix

Member

tbonfort commented Jul 17, 2014

The submitted pull-request reads the X-Forwarded-* headers if available. It does not yet treat the case where X-Forwarded-Host already contains the http(s) prefix

@tbonfort

This comment has been minimized.

Show comment
Hide comment
@tbonfort

tbonfort Aug 26, 2014

Member

@ltclm were you able to test the proposed fix and confirm that it solves your issue ?

Member

tbonfort commented Aug 26, 2014

@ltclm were you able to test the proposed fix and confirm that it solves your issue ?

@ltclm

This comment has been minimized.

Show comment
Hide comment
@ltclm

ltclm Aug 26, 2014

Not yet, we will test this fix this or next week and inform you.

ltclm commented Aug 26, 2014

Not yet, we will test this fix this or next week and inform you.

@ltclm

This comment has been minimized.

Show comment
Hide comment
@ltclm

ltclm Aug 28, 2014

@tbonfort We could successfully test the proposed fix.
Everything is working fine, thank you!

Get HEADER GetCap mit patch GetCap ohne Patch
HOST X_FORWARDED_PROTO X_FORWARDED_HOST X_FORWARDED_PORT OnlineResource OnlineResource
wms-bgdi.dev.bgdi.ch empty empty empty http://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch https empty 80 https://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch http empty empty http://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch empty wms-new.bgdi.ch empty http://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch https wms-new.bgdi.ch 80 https://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch http wms-new.bgdi.ch empty http://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?

ltclm commented Aug 28, 2014

@tbonfort We could successfully test the proposed fix.
Everything is working fine, thank you!

Get HEADER GetCap mit patch GetCap ohne Patch
HOST X_FORWARDED_PROTO X_FORWARDED_HOST X_FORWARDED_PORT OnlineResource OnlineResource
wms-bgdi.dev.bgdi.ch empty empty empty http://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch https empty 80 https://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch http empty empty http://wms-bgdi.dev.lt.admin.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch empty wms-new.bgdi.ch empty http://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch https wms-new.bgdi.ch 80 https://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?
wms-bgdi.dev.bgdi.ch http wms-new.bgdi.ch empty http://wms-new.bgdi.ch/? http://wms-bgdi.dev.lt.admin.ch/?
@ltclm

This comment has been minimized.

Show comment
Hide comment
@ltclm

ltclm Aug 29, 2014

Hello, one more remark.
Im not sure about that, but if the X_FORWARDED_HOST Header contains a comma separated list of hosts [1], the first entry should be used for the onlineresource.

[1] http://stackoverflow.com/questions/17411391/whats-the-variable-http-x-forwarded-host-in-the-env-hash-in-middleware

ltclm commented Aug 29, 2014

Hello, one more remark.
Im not sure about that, but if the X_FORWARDED_HOST Header contains a comma separated list of hosts [1], the first entry should be used for the onlineresource.

[1] http://stackoverflow.com/questions/17411391/whats-the-variable-http-x-forwarded-host-in-the-env-hash-in-middleware

tbonfort added a commit to tbonfort/mapserver that referenced this pull request Sep 2, 2014

tbonfort added a commit to tbonfort/mapserver that referenced this pull request Sep 2, 2014

tbonfort added a commit to tbonfort/mapserver that referenced this pull request Sep 2, 2014

@tbonfort tbonfort merged commit 3241921 into mapserver:master Sep 2, 2014

1 check was pending

continuous-integration/travis-ci The Travis CI build is in progress
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment