Tâche #21242
Scénario #12608: Vérifier et tester les entêtes x_forwarded_host et x_forwarded_server de Nginx
Centraliser tous les entêtes communs ajoutés dans un fichier à inclure
Status:
Fermé
Priority:
Normal
Assigned To:
Target version:
Remaining (hours):
0.0
Description
Cela permettra de gérer de façon cohérente les entêtes à ajouter pour le reverse proxy.
Il faudra remplacer les entêtes déclarés manuellement dans la configuration du reverse proxy par l’inclusion de ce nouveau fichier.
Related issues
Associated revisions
Common proxy parameters must be factorised in an included file
This will ease the management of common parameters.
- dicos/25_nginx.xml: new template.
- tmpl/nginx.proxy-params: set common headers for reverse proxy.
- tmpl/nginx.default: replace common proxy parameters with the
included file.
Ref: #21242
History
#1 Updated by Daniel Dehennin over 5 years ago
- % Done changed from 0 to 100
- Remaining (hours) changed from 2.0 to 0.25
Paquet 2.6.2-3 en eole-2.6-unstable.
#2 Updated by Daniel Dehennin over 5 years ago
- Assigned To set to Daniel Dehennin
#3 Updated by Daniel Dehennin over 5 years ago
- Status changed from Nouveau to En cours
#4 Updated by Daniel Dehennin over 5 years ago
- Status changed from En cours to Résolu
#5 Updated by Emmanuel GARETTE over 5 years ago
- Remaining (hours) changed from 0.25 to 0.0
#6 Updated by Emmanuel GARETTE over 5 years ago
- Status changed from Résolu to Fermé
Configuration de l'Amon (pour faire du HTTP) :
root@amon:~# CreoleSet revprox_http oui root@amon:~# CreoleSet revprox_url http://scribe.etb1.lan root@amon:~# CreoleCat -t nginx.default root@amon:~# CreoleService nginx restart Restart Systemd service nginx [ OK ]
Avant mise à jour :
root@scribe:~# nc -l -p 80 GET / HTTP/1.0 Host: etb1.ac-test.fr X-Real-IP: 192.168.230.35 X-Forwarded-For: 192.168.230.35 Connection: close User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0
Après mise à jour en HTTP :
root@scribe:~# nc -l -p 80 GET / HTTP/1.0 Host: etb1.ac-test.fr X-Real-IP: 192.168.230.35 X-Forwarded-Host: etb1.ac-test.fr:80 X-Forwarded-Server: etb1.ac-test.fr X-Forwarded-For: 192.168.230.35 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0
Après mise à jour en HTTPS :
root@scribe:~# nc -l -p 80 GET / HTTP/1.0 Host: etb1.ac-test.fr X-Real-IP: 192.168.230.35 X-Forwarded-Host: etb1.ac-test.fr:443 X-Forwarded-Server: etb1.ac-test.fr X-Forwarded-For: 192.168.230.35 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1
#7 Updated by Joël Cuissinat about 5 years ago
- Related to Tâche #22790: Possible problème avec nginx sur Amon 2.6.2 added