search

cyber-dojo / nginx

repo for the cyberdojo/nginx Docker image; a cyber-dojo microservice
https://cyber-dojo.org
BSD 2-Clause "Simplified" License
0 stars 9 forks source link

Passing `Host` header doesn't seem to work reliably #1

Closed mattwynne closed 4 years ago

mattwynne commented 5 years ago

We've had an issue with cyber-dojo.cucumber.io where the URL built for the kata window contains web:3000 instead of the host that the browser was visiting on.

This domain is managed by CloudFlare and our cyber-dojo server does not have SSL set up, so we've been using "Flexible SSL" meaning cloudflare forces SSL from client -> cloudflare, but uses HTTP from cloudflare to origin server. If we disable HTTPS, and visit through http://cyber-dojo.cucumber.io it works OK. If we enable flexible SSL, we get the problem.

We had a look at the nginx config, and we wondered if we might need this in the proxy settings:

proxy_set_header Host       $http_host;

So that the http host from the request is passed on to the Rails server. Not quite sure why it would be different for HTTPS requests though...

mattwynne commented 5 years ago

(I'm sat here with @sebrose by the way 👋 )

JonJagger commented 5 years ago

Hi Matt and Seb :-) It seems this setting goes into a file called proxy.conf cyber-dojo's nginx does not have such a file. I will build a server with a modified nginx image and report back...

Ok. I created a new server (Ubuntu 18.04) I git cloned the nginx repo

$ cd ~
$ git clone https://github.com/cyber-dojo/nginx.git

I created a new file called proxy.conf

$ cd ~/nginx
$ echo "proxy_set_header Host \$http_host;" > proxy.conf
$ cat proxy.conf
proxy_set_header Host $http_host;

I edited the ~/nginx/Dockerfile to include the line

COPY proxy.conf /etc/nginx/conf.d/proxy.conf

I installed docker-compose (so I could build the image from the script)

$ sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose

Then I rebuilt the image from the script

$ cd ~/nginx
$ ./pipe_build_up_test.sh

Then I prodded the cyber-dojo server to use the new nginx image

$ cd ~
$ ./cyber-dojo up ...
...
Recreating cyber-dojo-nginx ... done

Nothing seems to have broken. But I don't know how to test this. I think it will be safe for you try the above on your server.

mattwynne commented 5 years ago

Hi @JonJagger.

I don't know enough about our Cyber-Dojo infrastructure to try that myself but maybe @sebrose and I can pair on it.

JonJagger commented 4 years ago

I think this is finally fixed! https://github.com/cyber-dojo/nginx/blob/master/nginx.conf

mattwynne commented 4 years ago

\o/