Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding in some proxyification adjustments #13

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

adding in some proxyification adjustments #13

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
99590c0
adding in some proxyification adjustments
Jun 11, 2017
f31cdf2
updated X-Forwarded-Proto header setting to check if there is already
Jun 11, 2017
3edd9ca
fixed typo
Jun 14, 2017
e79c7eb
updates based on PR feedback and update to
Jul 8, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 24 additions & 6 deletions underpants.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,10 @@ type conf struct {
// A special group, `*`, may be specified which allows any authenticated
// user.
AllowedGroups []string `json:"allowed-groups"`

// Fix the host header on the requst to the backend proxied service to match
Copy link

@dragonsinth dragonsinth Jun 14, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/requst/request (found by @jhump)

// what came in through the front door.
FixHost bool
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the property here should be a little more descriptive. How about pass-through-host-header or retain-host-header. Also be sure to add this directive to one of the sample json files.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like retain host header .. updating now.

}
}

Expand Down Expand Up @@ -219,6 +223,9 @@ type disp struct {

// The groups which may access this backend.
groups []string

// if the host header is to be fixed for this dispatcher or not
fixhost bool
}

// Construct a URL to the oauth provider that with carry the provided URL as state
Expand Down Expand Up @@ -319,6 +326,10 @@ func serveHttpProxy(d *disp, w http.ResponseWriter, r *http.Request) {
br.Header.Add("Underpants-Email", url.QueryEscape(u.Email))
br.Header.Add("Underpants-Name", url.QueryEscape(u.Name))

if d.fixhost {
br.Host = d.host
}

bp, err := http.DefaultTransport.RoundTrip(br)
if err != nil {
panic(err)
Expand Down Expand Up @@ -432,8 +443,14 @@ func hostOf(name string, port int) string {
func addSecurityHeaders(c *conf, next http.Handler) http.Handler {
if c.AddSecurityHeaders {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var proto = "http"
if c.HasCerts() {
w.Header().Add("Strict-Transport-Security", "max-age=16070400; includeSubDomains")
proto = "https"
}

if r.Header.Get("X-Forwarded-Proto") != "" {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is backwards, should be == ""

r.Header.Add("X-Forwarded-Proto", proto)
}

w.Header().Add("X-Frame-Options", "SAMEORIGIN")
Expand Down Expand Up @@ -470,12 +487,13 @@ func setup(c *conf, port int) (*http.ServeMux, error) {
}

m.Handle(fmt.Sprintf("%s/", host), addSecurityHeaders(c, &disp{
config: c,
route: &route{host: uri.Host, scheme: uri.Scheme},
host: host,
key: key,
oauth: oc,
groups: r.AllowedGroups,
config: c,
route: &route{host: uri.Host, scheme: uri.Scheme},
host: host,
key: key,
oauth: oc,
groups: r.AllowedGroups,
fixhost: r.FixHost,
}))
}

Expand Down