From 33cad7a97038c4be9a8f8d79f974007669598a39 Mon Sep 17 00:00:00 2001
From: aTheo
Date: Wed, 27 Sep 2023 21:56:22 +0200
Subject: [PATCH] Set correctly for redirects on vscode and rstudio nginx (#226)
---
 .../c9s-python-3.9/nginx/httpconf/http.conf | 5 +++++
 .../nginx/serverconf/proxy.conf.template | 9 +++++----
 .../serverconf/proxy.conf.template_nbprefix | 13 +++++++------
 .../c9s-python-3.9/nginx/httpconf/http.conf | 5 +++++
 .../nginx/serverconf/proxy.conf.template | 13 +++++++------
 .../serverconf/proxy.conf.template_nbprefix | 19 ++++++++++---------
 6 files changed, 39 insertions(+), 25 deletions(-)
diff --git a/codeserver/c9s-python-3.9/nginx/httpconf/http.conf b/codeserver/c9s-python-3.9/nginx/httpconf/http.conf
index e67e3a405..67690d665 100644
--- a/codeserver/c9s-python-3.9/nginx/httpconf/http.conf
+++ b/codeserver/c9s-python-3.9/nginx/httpconf/http.conf
@@ -32,3 +32,8 @@ log_format json escape=json '[{'
 '"execution_state":"busy",'
 '"connections": 1'
 '}]';
+
+map $http_x_forwarded_proto $custom_scheme {
+ default $scheme;
+ https https;
+}
diff --git a/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template b/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template
index ae29862b2..4b3c9a1af 100644
--- a/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template
+++ b/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template
@@ -16,7 +16,7 @@ location /api/ {
 # api calls from culler get to CGI processing
 ###############
 location = /api/kernels {
- return 302 $scheme://$http_host/api/kernels/;
+ return 302 $custom_scheme://$http_host/api/kernels/;
 access_log off;
 }
@@ -36,11 +36,11 @@ location /api/kernels/ {
 # root and prefix get to VSCode endpoint
 ###############
 location = / {
- return 302 $scheme://$http_host/vscode/;
+ return 302 $custom_scheme://$http_host/vscode/;
 }
 location = /vscode {
- return 302 $scheme://$http_host/vscode/;
+ return 302 $custom_scheme://$http_host/vscode/;
 }
 location /vscode/ {
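Review bot: The `map` block added to codeserver/c9s-python-3.9/nginx/httpconf/http.conf takes `X-Forwarded-Proto` from whichever peer connects, so `$custom_scheme` is only as trustworthy as the network path in front of this nginx, and nothing in the file states that assumption. The allow-list shape is sound (only the literal `https` is honoured, anything else falls back to `$scheme`), but the value now also feeds the `X-Forwarded-Proto` and `X-RStudio-Request` headers sent to the backends, so a comment such as `# X-Forwarded-Proto is set by the TLS-terminating router; this nginx must not be reachable directly` belongs above the block. A header carrying a list such as `https, http` would not match and would fall back to `$scheme`, which may or may not be intended behind chained proxies. The same applies to the identical block in rstudio/c9s-python-3.9/nginx/httpconf/http.conf.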
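Review bot: The rewritten `return 302 $custom_scheme://$http_host/...` lines in codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template still build the Location from the request's own Host header, so the redirect target follows whatever Host the client or an intermediary presents. Every target here is a path on the same origin, so a relative redirect would remove the dependency on both scheme and host: `absolute_redirect off;` at server level together with `return 302 /vscode/;` (assuming the packaged nginx is recent enough to have that directive). The same pattern repeats in every `return 302` hunk of the three other proxy templates touched by this patch. The enclosing server block is outside these hunks, so whether an allow-list of server names already constrains Host cannot be seen from here.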
@@ -54,10 +54,11 @@ location /vscode/ {
 # Needed to make it work properly
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $custom_scheme;
 proxy_set_header Host $http_host;
 proxy_set_header X-NginX-Proxy true;
 proxy_redirect off;
 access_log /var/log/nginx/vscode.access.log json if=$loggable;
 }
-###############
\ No newline at end of file
+###############
diff --git a/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix b/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix
index 893160767..dfe0b9ede 100644
--- a/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix
+++ b/codeserver/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix
@@ -16,12 +16,12 @@ location ${NB_PREFIX}/api/ {
 # api calls from culler get to CGI processing
 ###############
 location = ${NB_PREFIX}/api/kernels {
- return 302 $scheme://$http_host/api/kernels/;
+ return 302 $custom_scheme://$http_host/api/kernels/;
 access_log off;
 }
 location ${NB_PREFIX}/api/kernels/ {
- return 302 $scheme://$http_host/api/kernels/;
+ return 302 $custom_scheme://$http_host/api/kernels/;
 access_log off;
 }
@@ -41,19 +41,19 @@ location /api/kernels/ {
 # root and prefix get to VSCode endpoint
 ###############
 location = ${NB_PREFIX} {
- return 302 $scheme://$http_host/vscode/;
+ return 302 $custom_scheme://$http_host/vscode/;
 }
 location ${NB_PREFIX}/ {
- return 302 $scheme://$http_host/vscode/;
+ return 302 $custom_scheme://$http_host/vscode/;
 }
 location = /vscode {
- return 302 $scheme://$http_host/vscode/;
+ return 302 $custom_scheme://$http_host/vscode/;
 }
 location = / {
- return 302 $scheme://$http_host/vscode/;
+ return 302 $custom_scheme://$http_host/vscode/;
 }
 location /vscode/ {
@@ -64,6 +64,7 @@ location /vscode/ {
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $connection_upgrade;
 proxy_read_timeout 20d;
+ proxy_set_header X-Forwarded-Proto $custom_scheme;
 access_log /var/log/nginx/vscode.access.log json if=$loggable;
 }
diff --git a/rstudio/c9s-python-3.9/nginx/httpconf/http.conf b/rstudio/c9s-python-3.9/nginx/httpconf/http.conf
index f08394620..50a0a13ff 100644
--- a/rstudio/c9s-python-3.9/nginx/httpconf/http.conf
+++ b/rstudio/c9s-python-3.9/nginx/httpconf/http.conf
@@ -32,3 +32,8 @@ log_format json escape=json '[{'
 '"execution_state":"busy",'
 '"connections": 1'
 '}]';
+
+map $http_x_forwarded_proto $custom_scheme {
+ default $scheme;
+ https https;
+}
diff --git a/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template b/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template
index d1ebd3c95..3c2194c35 100644
--- a/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template
+++ b/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template
@@ -1,8 +1,8 @@
 ###############
 # Fix rstudio-server auth-sign-in redirect bug
 ###############
-rewrite ^/auth-sign-in(.*) "$scheme://$http_host/rstudio/auth-sign-in$1?appUri=%2Frstudio";
-rewrite ^/auth-sign-out(.*) "$scheme://$http_host/rstudio/auth-sign-out$1?appUri=%2Frstudio";
+rewrite ^/auth-sign-in(.*) "$custom_scheme://$http_host/rstudio/auth-sign-in$1?appUri=%2Frstudio";
+rewrite ^/auth-sign-out(.*) "$custom_scheme://$http_host/rstudio/auth-sign-out$1?appUri=%2Frstudio";
 ###############
 ###############
@@ -20,7 +20,7 @@ location /api/ {
 }
 location = /api/kernels {
- return 302 $scheme://$http_host/api/kernels/;
+ return 302 $custom_scheme://$http_host/api/kernels/;
 access_log off;
 }
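Review bot: The two `rewrite` directives at the top of rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template carry no flag, and nginx only turns a flagless rewrite into a redirect when the replacement text begins with `http://`, `https://` or `$scheme`. `$custom_scheme` does not qualify, so these would most likely become internal rewrites to a URI that no location matches, and the auth-sign-in fix would stop redirecting. Adding the explicit flag restores the previous behaviour: `rewrite ^/auth-sign-in(.*) "$custom_scheme://$http_host/rstudio/auth-sign-in$1?appUri=%2Frstudio" redirect;`, and likewise for `auth-sign-out`. The same two lines in the `@@ -1,8 +1,8 @@` hunk of rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix need the flag as well. A request to `/auth-sign-in` against a built image would confirm whether a 302 is still returned.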
@@ -40,11 +40,11 @@ location /api/kernels/ {
 # api calls from culler get to CGI processing
 ###############
 location = / {
- return 302 $scheme://$http_host/rstudio/;
+ return 302 $custom_scheme://$http_host/rstudio/;
 }
 location = /rstudio {
- return 302 $scheme://$http_host/rstudio/;
+ return 302 $custom_scheme://$http_host/rstudio/;
 }
 location /rstudio/ {
@@ -57,9 +57,10 @@ location /rstudio/ {
 proxy_read_timeout 20d;
 # Needed to make it work properly
- proxy_set_header X-RStudio-Request $scheme://$http_host$request_uri;
+ proxy_set_header X-RStudio-Request $custom_scheme://$http_host$request_uri;
 proxy_set_header X-RStudio-Root-Path /rstudio;
 proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto $custom_scheme;
 access_log /var/log/nginx/rstudio.access.log json if=$loggable;
 }
diff --git a/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix b/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix
index d039bf99d..fc4897699 100644
--- a/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix
+++ b/rstudio/c9s-python-3.9/nginx/serverconf/proxy.conf.template_nbprefix
@@ -1,8 +1,8 @@
 ###############
 # Fix rstudio-server auth-sign-in redirect bug
 ###############
-rewrite ^/auth-sign-in(.*) "$scheme://$http_host/rstudio/auth-sign-in$1?appUri=%2Frstudio";
-rewrite ^/auth-sign-out(.*) "$scheme://$http_host/rstudio/auth-sign-out$1?appUri=%2Frstudio";
+rewrite ^/auth-sign-in(.*) "$custom_scheme://$http_host/rstudio/auth-sign-in$1?appUri=%2Frstudio";
+rewrite ^/auth-sign-out(.*) "$custom_scheme://$http_host/rstudio/auth-sign-out$1?appUri=%2Frstudio";
 ###############
 ###############
@@ -34,12 +34,12 @@ location /api/ {
 # api calls from culler get to CGI processing
 ###############
 location = ${NB_PREFIX}/api/kernels {
- return 302 $scheme://$http_host/api/kernels/;
+ return 302 $custom_scheme://$http_host/api/kernels/;
 access_log off;
 }
 location ${NB_PREFIX}/api/kernels/ {
- return 302 $scheme://$http_host/api/kernels/;
+ return 302 $custom_scheme://$http_host/api/kernels/;
 access_log off;
 }
@@ -59,19 +59,19 @@ location /api/kernels/ {
 # root and prefix get to RStudio endpoint
 ###############
 location = ${NB_PREFIX} {
- return 302 $scheme://$http_host/rstudio/;
+ return 302 $custom_scheme://$http_host/rstudio/;
 }
 location ${NB_PREFIX}/ {
- return 302 $scheme://$http_host/rstudio/;
+ return 302 $custom_scheme://$http_host/rstudio/;
 }
 location = /rstudio {
- return 302 $scheme://$http_host/rstudio/;
+ return 302 $custom_scheme://$http_host/rstudio/;
 }
 location = / {
- return 302 $scheme://$http_host/rstudio/;
+ return 302 $custom_scheme://$http_host/rstudio/;
 }
 location /rstudio/ {
@@ -84,9 +84,10 @@ location /rstudio/ {
 proxy_read_timeout 20d;
 # Needed to make it work properly
- proxy_set_header X-RStudio-Request $scheme://$http_host$request_uri;
+ proxy_set_header X-RStudio-Request $custom_scheme://$http_host$request_uri;
 proxy_set_header X-RStudio-Root-Path /rstudio;
 proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto $custom_scheme;
 access_log /var/log/nginx/rstudio.access.log json if=$loggable;
 }