search

zazukoians / trifid-ld

This repository is DEPRECATED please goto:
https://github.com/zazuko/trifid
Apache License 2.0
18 stars 9 forks source link

Allow HTTPS request URIs #8

Closed retog closed 9 years ago

retog commented 9 years ago

Currently trifid assumes that the schema is HTTP when reconstructing the request URI so it cannot be used if it exposed to the outside via HTTPS-URIs. As afaik there is no way to detect the schema of URI from the request headers wether to assume HTTP or HTTPS should be a setting in config.js.

bergos commented 9 years ago

The protocol field doesn't contain any information about SSL/TLS in newer version of node.js. This code should fix the problem:

if (this.socket.ssl) {
  absoluteUrl.protocol += 's'
}
ktk commented 9 years ago

Just to clarify: The SSL request doesn't end up on node, I have an SSL terminator/proxy in front of Varnish and then Varnish sends it to the backend. But the dereferencing should be the SSL URI, not the non-SSL one.

bergos commented 9 years ago

OK, even easier. Configure Varnish to send the 'x-forwarded-proto' header, express-utils will do the rest.

ktk commented 9 years ago

I think we have a problem further up the chain, filed an issue in hitch with some details.

ktk commented 9 years ago

After the feedback from the hitch maintainers I've added the following to my Varnish setup:

acl SSLfromlocalhost {
  "localhost";
}

sub vcl_recv {

  set req.http.X-Forwarded-Port = "80";

  # check if the request is comming from localhost, then it is from hitch (SSL terminator)
  if(client.ip ~ SSLfromlocalhost)
  {
    set req.http.x-forwarded-proto = "https";
    set req.http.X-Forwarded-Port = "443";
  }
...