jasisk
commented
8 years ago Looks good to me :+1:
Closed jasisk closed 8 years ago
jasisk
commented
8 years ago Looks good to me :+1:
jasisk
commented
8 years ago Yeah, me too. :+1:
jasisk
commented
8 years ago Ok, thanks everyone. Merging!
This was fun.
Turns out the couchapp already handles host rewrites which is cool (they implemented it two months before we did).
Unfortunately, it assumes one link in the proto and host chain.
If your LB passes x-forwarded-* headers correctly, it joins the new value against an existing header. So assuming you have one LB terminating SSL followed by a second LB (to balance couch, for example), your
x-forwarded-protovalue will likely behttps, http. The couchapp blindly uses the string which means your rewrites resolve tohttps, http://1.2.3.4/file/-/file-0.0.0.tgz.This is a hack to get around that. Best place to fix will be the couchapp.
I kept
x-forwarded-forin case that chain will be valuable.