search

mozilla-services / push-dev-dashboard

Developer dashboard for the Mozilla web push service
https://dev-dashboard.deis.dev.mozaws.net/
Mozilla Public License 2.0
7 stars 6 forks source link

Redirect http traffic to https #149

Closed groovecoder closed 8 years ago

groovecoder commented 8 years ago

@oremj - I have code for this in a branch, but apparently AWS ELB is not sending X-Forwarded-Proto: https Headers like AWS docs say it does? Have you seen this X-Forwarded-Proto header issue for other apps doing HTTPS with the ELB?

oremj commented 8 years ago

It has worked for me in the past. Can you paste the request headers that you are seeing?

groovecoder commented 8 years ago

I've added some extra app-level logging for the headers ... now I just need to find out how to get to them thru the CoreOS/deis layers. :wink: Something to do bright and early tomorrow.

groovecoder commented 8 years ago

Weird, django is getting 'HTTP_X_FORWARDED_PROTO': 'http':

2016-03-29T14:53:17UTC dev-dashboard[cmd.1]: 2016-03-29 14:53:17 [15] [DEBUG] pathname=/usr/src/app/dashboard/middleware.py lineno=8 funcname=process_request Request headers: {'HTTP_REFERER': 'https://github.com/mozilla-services/push-dev-dashboard', 'HTTP_X_FORWARDED_SSL': 'off', 'SERVER_SOFTWARE': 'gunicorn/19.4.5', 'SCRIPT_NAME': u'', 'HTTP_X_FORWARDED_PORT': '80', 'PATH_INFO': u'/', 'SERVER_PROTOCOL': 'HTTP/1.1', 'QUERY_STRING': '', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36', 'HTTP_CONNECTION': 'close', 'REMOTE_PORT': '50012', 'SERVER_NAME': '0.0.0.0', 'REMOTE_ADDR': '10.21.1.164', 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8000', 'HTTP_X_FORWARDED_PROTO': 'http', 'wsgi.input': <gunicorn.http.body.Body object at 0x7fb6203cc610>, 'HTTP_HOST': 'dev-dashboard.deis.dev.mozaws.net', 'wsgi.multithread': False, 'HTTP_UPGRADE_INSECURE_REQUESTS': '1', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'wsgi.version': (1, 0), 'RAW_URI': '/', 'wsgi.run_once': False, 'wsgi.errors': <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7fb6203cc690>, 'wsgi.multiprocess': True, 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8', 'gunicorn.socket': <socket._socketobject object at 0x7fb62042f910>, 'REQUEST_METHOD': 'GET', 'HTTP_X_FORWARDED_FOR': '199.58.143.63', 'wsgi.file_wrapper': <class 'gunicorn.http.wsgi.FileWrapper'>, 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, sdch'}

Seems like I need to dig into Deis HTTPS support.

groovecoder commented 8 years ago

To preserve the X-Forwarded-Proto header, I had to re-configure the Deis ELB from SSL-TCP to HTTPS-HTTP, and disable proxyProtocol on the deis cluster (deisctl config router rm proxyProtocol)

groovecoder commented 8 years ago

Fixed in https://github.com/mozilla-services/push-dev-dashboard/pull/154. Deploying to dev deis now.