search

kartoza / docker-geoserver

A docker recipe for GeoServer
GNU General Public License v2.0
628 stars 423 forks source link

HTTP_SCHEME seems broken between 2.23.0 and 2.23.1 #547

Closed alexkuretz closed 1 year ago

alexkuretz commented 1 year ago

What is the bug or the crash?

I suspect this is related to recent commits associated with https://github.com/kartoza/docker-geoserver/issues/293, specifically the commits in https://github.com/kartoza/docker-geoserver/commit/c7dd64dc2990e23d0258ee4115e6b004c40b4585.

I have a working Geoserver running in Kubernetes behind an Nginx reverse proxy using your 2.23.0 docker image. SSL is terminated at Nginx. I recently tried switching to the newest 2.23.1 image that's available, and the HTTP_SCHEME no longer seems to be working properly. Specifically the Login form submit correctly uses HTTPS in 2.23.0 but uses HTTP in 2.23.1. I make no other changes in my deployment other than changing the image version in my Dockerfile to observe this behavior.

Steps to reproduce the issue

Environment variables passed during deployment:

HTTP_PROXY_NAME: geoserver.mydomain.com
HTTP_SCHEME: https
CSRF_WHITELIST: geoserver.mydomain.com

Dockerfile:

FROM kartoza/geoserver:2.23.0
EXPOSE 8080

When deploying using 2.23.0 the Login form submit URL is correctly using HTTPS: <form class="d-inline-block" method="post" action="https://geoserver.mydomain.com/geoserver/j_spring_security_check">

When changing the image version in the Dockerfile to 2.23.1 the Login form submit is incorrectly using HTTP: <form class="d-inline-block" method="post" action="http://geoserver.mydomain.com/geoserver/j_spring_security_check">

Versions

2.23.1

Additional context

No response

NyakudyaA commented 1 year ago

@alexkuretz Can you mount the server.xml from previous image into this image as 

-v  server.xml:/settings/server.xml

@carderm ping for the original PR, we also need to have a test added in https://github.com/kartoza/docker-geoserver/blob/develop/scenario_tests/login/tests/test_login.py so that this won't be broken in future

alexkuretz commented 1 year ago

I was working on that while writing up this bug report, hoping to have a solution to suggest, but was having trouble getting the server.xml to persist. Your comment about using the /settings was a big help though. I copied the server.xml.bak file that is created by sed in start.sh and modified my dockerfile to place that into /settings/server.xml and the Login submit form is now correctly using HTTPS in 2.23.1.