datagov-cz / sgov-assembly-line

Issue tracker for the assembly line of semantic conceptual models.
MIT License
3 stars 0 forks

[QA NEEDED] Fixed nginx proxy issues #20

Closed karelklima closed 3 years ago

karelklima commented 3 years ago

I have refactored and possibly fixed all the proxy / SSL issues that we have with the reverse-proxy hierarchy.

How I did it:

  1. I have set up a detached master nginx proxy (to mimic the one on the prod server) that dispatches requests from https://slovník.dev/modelujeme to http://localhost:1234/modelujeme. This proxy contains almost all of the proxy headers magic. In order to do this I have set up a local SSL certificate containing the slovník.dev domain.
  2. The Assembly Line runs on http://localhost:1234. I needed to move it from port 80 so that I can use the master proxy above.
  3. I have refactored all the proxy rules and made them easy to understand. I have also replaced the custom nginx Docker image with the official one so that a rebuild of the nginx image is no longer needed when the configuration changes - a simple restart of the container is enough.

Proxying variations: when it comes to proxying requests within AL, there are two strategies being used with the nginx proxy_pass command. The first one includes a URI, which means that the location prefix is stripped; the second one passes the whole URI so that the path is unchanged one layer deeper under the proxy. The only reason for this is Keycloak - it would require some non-trivial extra configuration to make it work. My original idea was to remove the "modelujeme" prefix from the AL configuration altogether, which is possible, but we'd need to build a custom Keycloak image with some configuration magic.

What is the biggest benefit, besides that the configuration finally makes sense: it is possible to use the deployed apps from localhost without using HTTPS, which was the most painful issue that we had.
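An illustration of the two-layer setup and the two proxy_pass strategies described in the comment above, added here as an example; it is not the configuration from this pull request. The server name, certificate paths, upstream names and ports, the sub-paths under /modelujeme/ and the choice of forwarded headers are all assumptions.

```nginx
# --- Master proxy (separate nginx instance), inside http { } ---
server {
    listen 443 ssl;
    server_name example.test;                        # placeholder for the public domain
    ssl_certificate     /etc/nginx/certs/local.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/certs/local.key;  # placeholder path

    location /modelujeme/ {
        # No URI after host:port, so the request path is forwarded unchanged.
        proxy_pass http://localhost:1234;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

# --- Assembly Line proxy (second nginx instance), inside http { } ---
# Keep the scheme reported by the master proxy; fall back to the local
# scheme when a request arrives directly over plain HTTP on localhost.
map $http_x_forwarded_proto $al_proto {
    default $http_x_forwarded_proto;
    ""      $scheme;
}

server {
    listen 1234;

    # Strategy 1: proxy_pass with a URI ("/"). The matched location prefix
    # is replaced, so /modelujeme/example-service/api -> /api upstream.
    location /modelujeme/example-service/ {
        proxy_pass http://example-service:8080/;     # hypothetical upstream
        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-Proto $al_proto;
    }

    # Strategy 2: proxy_pass without a URI. The full path is passed on,
    # so /modelujeme/auth/realms -> /modelujeme/auth/realms upstream.
    location /modelujeme/auth/ {
        proxy_pass http://keycloak:8080;             # hypothetical upstream
        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-Proto $al_proto;
    }
}
```

Because the inner proxy passes on whatever X-Forwarded-Proto it receives, its listener should be reachable only from the master proxy and from localhost, otherwise any client can claim the request arrived over HTTPS.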

bindeali commented 3 years ago

Could this solve an issue I have with my Netlify deploy previews not being able to communicate with the DB server because of CORS errors (at least on slovník-test?) Local testing probably won't be of use for this issue, but I'll try it nonetheless.

karelklima commented 3 years ago

> Could this solve an issue I have with my Netlify deploy previews not being able to communicate with the DB server because of CORS errors (at least on slovník-test?) Local testing probably won't be of use for this issue, but I'll try it nonetheless.

@bindeali Yes, that was the main motivation for doing the refactoring.