Fix swagger-ui behind a reverse proxy

Despite spring-doc documentation on how to set up the swagger-ui behind a reverse proxy, the X-Forwarded-Prefix request header is not honored. Fix by tweaking `SpringDocAutoConfiguration` to apply the prefix as appropriate.
geoserver · Mar 28, 2024 · 74eedea · 74eedea
1 parent c5f60b9
commit 74eedea
Show file tree

Hide file tree

Showing 17 changed files with 433 additions and 136 deletions.
diff --git a/Makefile b/Makefile
@@ -45,6 +45,7 @@ test-examples:
 # https://stackoverflow.com/questions/51115856/docker-failed-to-export-image-failed-to-create-image-failed-to-get-layer
 build-image:
 	@VERSION=`./mvnw help:evaluate -q -DforceStdout -Dexpression=project.version` && \
+	./mvnw clean package -f src/artifacts/api -DskipTests -T4 && \
 	DOCKER_BUILDKIT=1 docker build -t $(DOCKER_REPO):$${VERSION} src/artifacts/api/
 
 push-image:

diff --git a/compose.yml b/compose.yml
diff --git a/compose/.env b/compose/.env
@@ -0,0 +1,3 @@
+COMPOSE_PROJECT_NAME=acldev
+TAG=2.1-SNAPSHOT
+GATEWAY_TAG=1.7.0
diff --git a/compose/.gitignore b/compose/.gitignore
@@ -0,0 +1,2 @@
+cert.pem
+key.pem
diff --git a/compose/compose.yml b/compose/compose.yml
@@ -0,0 +1,77 @@
+version: "3.8"
+
+volumes:
+  acl_data:
+
+services:
+  acldb:
+    image: postgis/postgis:15-3.3
+    environment:
+      - POSTGRES_DB=acl
+      - POSTGRES_USER=acl
+      - POSTGRES_PASSWORD=acls3cr3t
+    volumes:
+      - acl_data:/var/lib/postgresql/data
+    restart: always
+    ports:
+      - 6432:5432
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U acl"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    deploy:
+      resources:
+        limits:
+          cpus: '4.0'
+          memory: 2G
+
+  acl:
+    image: geoservercloud/geoserver-acl:${TAG}
+    environment:
+      - PG_HOST=acldb
+      - PG_PORT=5432
+      - PG_DB=acl
+      - PG_SCHEMA=acl
+      - PG_USER=acl
+      - PG_PASSWORD=acls3cr3t
+      - SPRING_PROFILES_ACTIVE=logging_debug_requests
+    depends_on:
+      acldb:
+        condition: service_healthy
+        required: true    
+    ports:
+      - 8080:8080
+      - 8081:8081
+    deploy:
+      resources:
+        limits:
+          cpus: '4.0'
+          memory: 2G
+
+  gateway:
+    image: geoservercloud/geoserver-cloud-gateway:${GATEWAY_TAG}
+    user: 1000:1000
+    environment:
+      SPRING_PROFILES_ACTIVE: standalone
+      GEOSERVER_BASE_PATH: /geoserver/cloud
+    volumes:
+      - ./gateway-service.yml:/etc/geoserver/gateway-service.yml
+    ports:
+      - 9090:8080
+    deploy:
+      resources:
+        limits:
+          cpus: '4.0'
+          memory: 1G
+
+  nginx:
+    image: nginx
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+      - ./key.pem:/root/ssl/key.pem
+      - ./cert.pem:/root/ssl/cert.pem
+    ports:
+      - "443:443"
+    depends_on:
+      - gateway
diff --git a/compose/gateway-service.yml b/compose/gateway-service.yml
@@ -0,0 +1,35 @@
+geoserver.base-path: ${geoserver_base_path:}
+
+targets.acl: http://10.0.0.71:8080
+
+server:
+  forward-headers-strategy: framework
+
+spring:
+  cloud:
+    gateway:
+      x-forwarded:
+        for-enabled: true
+        host-enabled: true
+        port-enabled: true
+        proto-enabled: true
+        prefix-enabled: true
+      globalcors:
+        cors-configurations:
+          "[/**]":
+            allowedOrigins: "*"
+            allowedHeaders: "*"
+            allowedMethods: GET, PUT, POST, DELETE, OPTIONS, HEAD
+      default-filters:
+        - StripBasePath=${geoserver.base-path} #remove the base path on downstream requests
+      routes:
+        - id: acl
+          uri: ${targets.acl}
+          predicates:
+          - Path=${geoserver.base-path}/acl,${geoserver.base-path}/acl/**
+          filters:
+          - RewritePath=/acl,/acl/
+---
+spring.config.activate.on-profile: debug
+logging.level.root: debug
+
diff --git a/compose/nginx.conf b/compose/nginx.conf
@@ -0,0 +1,19 @@
+server { 
+    listen                  443 ssl;
+    listen                  [::]:443 ssl;
+    server_name             localhost;
+    ssl_certificate         /root/ssl/cert.pem;
+    ssl_certificate_key     /root/ssl/key.pem;
+
+    location / {
+        proxy_pass "http://gateway:8080/";
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+
+}
diff --git a/compose/run.sh b/compose/run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# generate a certificate to mount on the nginx container
+openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 365 \
+    -subj "/C=GB/ST=London/L=London/O=Alros/OU=IT Department/CN=localhost"
+
+
+docker compose up