From 8f74757f2364cf32752d143e423ff707c6551849 Mon Sep 17 00:00:00 2001 From: Brian Picciano Date: Sun, 16 Jul 2023 17:54:56 +0200 Subject: [PATCH] send x-forwarded-proto header from proxy --- README.md | 1 + src/origin/proxy.rs | 9 ++++++++- src/service/http.rs | 14 +++++++++++--- src/service/http/tasks.rs | 8 ++++++-- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 69af622..fcfd90a 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ domain: #proxy.example.com: # kind: proxy # url: "http://some.other.service.com" + # public: false service: diff --git a/src/origin/proxy.rs b/src/origin/proxy.rs index 59b6379..ff911e2 100644 --- a/src/origin/proxy.rs +++ b/src/origin/proxy.rs @@ -1,4 +1,5 @@ use crate::error::unexpected::{self, Mappable}; +use http::header::HeaderValue; use std::{net, str::FromStr}; // proxy is a special case because it is so tied to the underlying protocol that a request is @@ -9,6 +10,7 @@ pub async fn serve_http_request( client_ip: net::IpAddr, proxy_url: &str, mut req: hyper::Request, + req_is_https: bool, ) -> unexpected::Result> { let parsed_proxy_url = http::Uri::from_str(proxy_url).or_unexpected_while("parsing proxy url")?; @@ -34,11 +36,16 @@ pub async fn serve_http_request( host = host_and_port.as_str(); }; - http::header::HeaderValue::from_str(host).or_unexpected()? + HeaderValue::from_str(host).or_unexpected()? }; req.headers_mut().insert("host", host); + if req_is_https { + req.headers_mut() + .insert("x-forwarded-proto", HeaderValue::from_static("https")); + } + match hyper_reverse_proxy::call(client_ip, proxy_url, req).await { Ok(res) => Ok(res), // ProxyError doesn't actually implement Error :facepalm: so we have to format the error diff --git a/src/service/http.rs b/src/service/http.rs index a4ab61f..9a09fee 100644 --- a/src/service/http.rs +++ b/src/service/http.rs 
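Review bot: In the `@@ -34,11 +36,16 @@` hunk of src/origin/proxy.rs, `x-forwarded-proto` is written only when `req_is_https` is true, so a request on the plain-HTTP listener keeps whatever value the client put in that header. Unless `hyper_reverse_proxy::call` strips it (not visible here), that value reaches the upstream unchanged. An upstream that relies on the header for redirect, secure-cookie or "was this TLS" decisions would then be acting on a client-controlled value. Set the header unconditionally so the proxy is always its source: `req.headers_mut().insert("x-forwarded-proto", HeaderValue::from_static(if req_is_https { "https" } else { "http" }));`. The body of `serve_http_request` starts and ends outside this hunk.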
@@ -163,6 +163,7 @@ impl<'svc> Service { client_ip: net::IpAddr, domain: domain::Name, req: Request, + req_is_https: bool, ) -> Response { let mut path_owned; let path = req.uri().path(); @@ -185,7 +186,7 @@ impl<'svc> Service { self.render_error_page(404, "File not found") } Err(domain::manager::GetFileError::OriginIsProxy { url }) => { - origin::proxy::serve_http_request(client_ip, &url, req) + origin::proxy::serve_http_request(client_ip, &url, req, req_is_https) .await .unwrap_or_else(|e| { self.internal_error(format!("proxying {domain} to {url}: {e}").as_str()) @@ -379,7 +380,12 @@ impl<'svc> Service { self.render_page("/domains.html", Response { domains }) } - async fn handle_request(&self, client_ip: net::IpAddr, req: Request) -> Response { + async fn handle_request( + &self, + client_ip: net::IpAddr, + req: Request, + req_is_https: bool, + ) -> Response { let maybe_host = match ( req.headers() .get("Host") @@ -428,7 +434,9 @@ impl<'svc> Service { // If a managed domain was given then serve that from its origin if let Some(domain) = maybe_host { - return self.serve_origin(client_ip, domain, req).await; + return self + .serve_origin(client_ip, domain, req, req_is_https) + .await; } // Serve main domani site diff --git a/src/service/http/tasks.rs b/src/service/http/tasks.rs index de3bc30..86eaf8f 100644 --- a/src/service/http/tasks.rs +++ b/src/service/http/tasks.rs @@ -22,7 +22,9 @@ pub async fn listen_http( // Create a `Service` for responding to the request. let hyper_service = hyper::service::service_fn(move |req| { let service = service.clone(); - async move { Ok::<_, convert::Infallible>(service.handle_request(client_ip, req).await) } + async move { + Ok::<_, convert::Infallible>(service.handle_request(client_ip, req, false).await) + } }); // Return the service to hyper. 
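Review bot: `req_is_https: bool` is added as an undocumented positional parameter to `serve_origin` (`@@ -163,6 +163,7 @@`) and `handle_request` (`@@ -379,7 +380,12 @@`), so the call sites in src/service/http/tasks.rs read as bare `handle_request(client_ip, req, false)` in `listen_http` and `..., true)` in `listen_https`. This flag becomes the `X-Forwarded-Proto` value sent to proxied origins, so a swapped literal would silently misreport the scheme to the upstream. Add a doc comment on the parameter, e.g. `/// req_is_https: true only when the connection was accepted by the TLS listener`, and label the literals at the call sites (`/* req_is_https */ false`). Alternatively, replace the bool with a two-variant enum. The bodies of both functions extend beyond their hunks.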
@@ -58,7 +60,9 @@ pub async fn listen_https( // Create a `Service` for responding to the request. let hyper_service = hyper::service::service_fn(move |req| { let service = service.clone(); - async move { Ok::<_, convert::Infallible>(service.handle_request(client_ip, req).await) } + async move { + Ok::<_, convert::Infallible>(service.handle_request(client_ip, req, true).await) + } }); // Return the service to hyper.