Fix insecure asset loading with web proxy enabled

This issue is well described in this post: https://discuss.overhang.io/t/reverse-proxy-and-mixed-content-issue/86 When WEB_PROXY=True and ACTIVATE_HTTPS=True the containerized nginx sets an incorrect value for X-Forwarded-Proto.
overhangio · Jul 7, 2019 · c431fb8 · c431fb8
1 parent eb91030
commit c431fb8
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
 
 ## Latest
 
+- [Bugfix] Fix insecure static asset loading when web proxy is enabled
 - [Improvement] Rename ``SECRET_KEY`` configuration parameter to ``OPENEDX_SECRET_KEY``
 - [Improvement] Add support for TLS in external SMTP server (#231)
 - [Bugfix] Fix missing video transcripts in LMS (#229)

diff --git a/plugins/minio/setup.py b/plugins/minio/setup.py
@@ -10,7 +10,7 @@
 
 setup(
     name="tutor-minio",
-    version="0.0.2",
+    version="0.0.3",
     url="https://docs.tutor.overhang.io/",
     project_urls={
         "Documentation": "https://docs.tutor.overhang.io/",

diff --git a/plugins/minio/tutorminio/patches/nginx-extra b/plugins/minio/tutorminio/patches/nginx-extra
@@ -24,9 +24,11 @@ server {
   client_max_body_size 0;
 
   location / {
+    {% if not WEB_PROXY %}
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Port $server_port;
     proxy_set_header X-Forwarded-For $remote_addr;
+    {% endif %}
     proxy_set_header Host $http_host;
     proxy_redirect off;
 

diff --git a/plugins/notes/setup.py b/plugins/notes/setup.py
@@ -10,7 +10,7 @@
 
 setup(
     name="tutor-notes",
-    version="0.0.1",
+    version="0.0.2",
     url="https://docs.tutor.overhang.io/",
     project_urls={
         "Documentation": "https://docs.tutor.overhang.io/",

diff --git a/plugins/notes/tutornotes/patches/nginx-extra b/plugins/notes/tutornotes/patches/nginx-extra
@@ -24,9 +24,11 @@ server {
   server_tokens off;
 
   location / {
+    {% if not WEB_PROXY %}
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Port $server_port;
     proxy_set_header X-Forwarded-For $remote_addr;
+    {% endif %}
     proxy_set_header Host $http_host;
     proxy_redirect off;
 

diff --git a/tutor/templates/apps/nginx/cms.conf b/tutor/templates/apps/nginx/cms.conf
@@ -26,9 +26,11 @@ server {
   rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
 
   location @proxy_to_cms_app {
+    {% if not WEB_PROXY %}
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Port $server_port;
     proxy_set_header X-Forwarded-For $remote_addr;
+    {% endif %}
     proxy_set_header Host $http_host;
     proxy_redirect off;
 

diff --git a/tutor/templates/apps/nginx/lms.conf b/tutor/templates/apps/nginx/lms.conf
@@ -26,9 +26,11 @@ server {
   rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
 
   location @proxy_to_lms_app {
+    {% if not WEB_PROXY %}
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Port $server_port;
     proxy_set_header X-Forwarded-For $remote_addr;
+    {% endif %}
     proxy_set_header Host $http_host;
     proxy_redirect off;