Extend X-Forwarded headers to avoid bogus URLs on double-proxied apps

This commit is contained in:
Disassembler 2018-02-02 21:04:12 +01:00
parent 7f93df3014
commit 003b3f2c12
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
6 changed files with 27 additions and 3 deletions

View File

@ -33,9 +33,14 @@ http {
try_files $uri =404; try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/kanboard.sock; fastcgi_pass unix:/var/run/kanboard.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty;
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty;
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
} }
location ~* ^.+\.(log|sqlite)$ { location ~* ^.+\.(log|sqlite)$ {

View File

@ -9,6 +9,9 @@ server {
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-HTTPS $https;
proxy_set_header X-Forwarded-Server-Name $host;
proxy_set_header X-Forwarded-Server-Port $server_port;
proxy_pass http://127.0.0.1:8009; proxy_pass http://127.0.0.1:8009;
} }
} }

View File

@ -31,9 +31,14 @@ http {
location ~ \.php$ { location ~ \.php$ {
fastcgi_pass unix:/var/run/seeddms.sock; fastcgi_pass unix:/var/run/seeddms.sock;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty;
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty;
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
} }
} }
} }

View File

@ -9,6 +9,9 @@ server {
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-HTTPS $https;
proxy_set_header X-Forwarded-Server-Name $host;
proxy_set_header X-Forwarded-Server-Port $server_port;
proxy_pass http://127.0.0.1:8010; proxy_pass http://127.0.0.1:8010;
} }
} }

View File

@ -30,13 +30,18 @@ http {
} }
location /platform { location /platform {
fastcgi_pass unix:/var/run/ushahidi.sock;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/platform/httpdocs/index.php; fastcgi_param SCRIPT_FILENAME $document_root/platform/httpdocs/index.php;
fastcgi_split_path_info ^(/platform/)(.*)$; fastcgi_split_path_info ^(/platform/)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_pass unix:/var/run/ushahidi.sock; fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty;
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty;
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
} }
} }
} }

View File

@ -9,6 +9,9 @@ server {
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-HTTPS $https;
proxy_set_header X-Forwarded-Server-Name $host;
proxy_set_header X-Forwarded-Server-Port $server_port;
proxy_pass http://127.0.0.1:8014; proxy_pass http://127.0.0.1:8014;
} }
} }