Open djzort opened 4 years ago
Hello @djzort, thanks for your hint, I'll have another look at it.
Hi @djzort, what is your proposal? The swagger spec part is created once, I do not see how a middleware could kick in here.
Possibly P::M::ReverseProxy wont do it at this moment, but along those lines my concern is that reverse proxy variables are notoriously non standard (hence the X). Although there is actually now a standard in https://tools.ietf.org/html/rfc7239
It would be better to make use of an external module who's purpose is to make sense of reverse proxies, rather than taking on maintaining a solution to the problem in Raisin
So you're suggesting to provide the correct values to Raisin? At the moment the plugin takes care, this would require to move the environment handling from the plugins to Raisin itself and to have the plugins configured when needed. Did I get you right?
Ideally it should be handled by Plack::Middleware if thats what you mean, since its a protocol mutator
@hidden-primary-net, I'd like to try to reproduce your problem to see how it can be solved with Plack middlewares.
To do that would you mind telling me what software do you use for proxying, and if it is configured a some special way? Would you mind helping with this?
Hi @khrt, we have the swagger service running in a plack process bound to localhost. An apache reverse proxy in front does the TLS termination. It's not too magical:
<VirtualHost *:443>
ServerName ...
## Vhost docroot
DocumentRoot ...
<Location "/swagger/x/">
Require valid-user
AuthType basic
AuthName "Restricted area"
AuthBasicProvider file
AuthUserFile ...
## Request Header rules
RequestHeader set X-BSS ...
</Location>
## Logging
ErrorLog ...
CustomLog ...
ServerSignature Off
## Proxy rules
ProxyRequests Off
ProxyPreserveHost Off
ProxyPass /probe !
ProxyPassReverse /probe !
ProxyPass /swagger/x/ http://localhost:30180/
ProxyPassReverse /swagger/x/ http://localhost:30180/
## SSL directives
SSLEngine on
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLProtocol ...
SSLCipherSuite ...
SSLVerifyClient ...
## Custom fragment
ProxyTimeout 180
</VirtualHost>
What bit me was that initially calling http://localhost:30180/swagger
initializes the spec info for the live of the process with the localhost
data. We also want to use a swagger-ui that relies on the information from the swagger file, they need to be correct.
The changes in #101 are not what you want
People should just use
https://metacpan.org/pod/Plack::Middleware::ReverseProxy
Which covers of all the variables