Project

General

Profile

Tâche #21242

Scénario #12608: Vérifier et tester les entêtes x_forwarded_host et x_forwarded_server de Nginx

Centraliser tous les entêtes communs ajoutés dans un fichier à inclure

Added by Daniel Dehennin over 3 years ago. Updated over 3 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
09/06/2017
Due date:
% Done:

100%

Estimated time:
2.00 h
Spent time:
Remaining (hours):
0.0

Description

Cela permettra de gérer de façon cohérente les entêtes à ajouter pour le reverse proxy.

Il faudra remplacer les entêtes déclarés manuellement dans la configuration du reverse proxy par l’inclusion de ce nouveau fichier.


Related issues

Related to Distribution EOLE - Tâche #22790: Possible problème avec nginx sur Amon 2.6.2 Fermé 01/23/2018

Associated revisions

Revision 2b8bb6fc (diff)
Added by Daniel Dehennin over 3 years ago

Common proxy parameters must be factorised in an included file

This will ease the management of common parameters.

  • dicos/25_nginx.xml: new template.
  • tmpl/nginx.proxy-params: set common headers for reverse proxy.
  • tmpl/nginx.default: replace common proxy parameters with the
    included file.

Ref: #21242

History

#1 Updated by Daniel Dehennin over 3 years ago

  • % Done changed from 0 to 100
  • Remaining (hours) changed from 2.0 to 0.25

Paquet 2.6.2-3 en eole-2.6-unstable.

#2 Updated by Daniel Dehennin over 3 years ago

  • Assigned To set to Daniel Dehennin

#3 Updated by Daniel Dehennin over 3 years ago

  • Status changed from Nouveau to En cours

#4 Updated by Daniel Dehennin over 3 years ago

  • Status changed from En cours to Résolu

#5 Updated by Emmanuel GARETTE over 3 years ago

  • Remaining (hours) changed from 0.25 to 0.0

#6 Updated by Emmanuel GARETTE over 3 years ago

  • Status changed from Résolu to Fermé

Configuration de l'Amon (pour faire du HTTP) :

root@amon:~# CreoleSet revprox_http oui
root@amon:~# CreoleSet revprox_url http://scribe.etb1.lan
root@amon:~# CreoleCat -t nginx.default
root@amon:~# CreoleService nginx restart
Restart Systemd service nginx                                                                                                                                           [  OK  ]

Avant mise à jour :

root@scribe:~# nc -l -p 80
GET / HTTP/1.0
Host: etb1.ac-test.fr
X-Real-IP: 192.168.230.35
X-Forwarded-For: 192.168.230.35
Connection: close
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

Après mise à jour en HTTP :

root@scribe:~# nc -l -p 80
GET / HTTP/1.0
Host: etb1.ac-test.fr
X-Real-IP: 192.168.230.35
X-Forwarded-Host: etb1.ac-test.fr:80
X-Forwarded-Server: etb1.ac-test.fr
X-Forwarded-For: 192.168.230.35
X-Forwarded-Proto: http
Connection: close
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

Après mise à jour en HTTPS :

root@scribe:~# nc -l -p 80
GET / HTTP/1.0
Host: etb1.ac-test.fr
X-Real-IP: 192.168.230.35
X-Forwarded-Host: etb1.ac-test.fr:443
X-Forwarded-Server: etb1.ac-test.fr
X-Forwarded-For: 192.168.230.35
X-Forwarded-Proto: https
Connection: close
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1

#7 Updated by Joël Cuissinat about 3 years ago

  • Related to Tâche #22790: Possible problème avec nginx sur Amon 2.6.2 added

Also available in: Atom PDF