From 55e4b226794c12c679617e658e7b6ff6fc82e256 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADnez=20=C3=9Abeda?=
Date: Wed, 26 Dec 2018 17:44:58 +0100
Subject: [PATCH] Added use of HTTP forwarded scheme from Forward header if FORWARD_SCHEME environment variable is set. This allows using a TLS termination proxy. Added use of Forward header scheme to README.md.
---
 README.md | 3 +++
 src/app_engine/apprtc.py | 11 ++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 73cad29a2..626b9005d 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,9 @@ Instructions were performed on Ubuntu 14.04 using Python 2.7.6 and Go 1.6.3. `https://[YOUR_VERSION_ID]-dot-[YOUR_PROJECT_ID]` (append `?wstls=false` to the URL if you have TLS disabled on Collider for dev/testing purposes). +### Use Forward header scheme +Setting environment variable ``FORWARD_SCHEME=True`` enables AppRTC to use the scheme declared in the Forwarded header ([RFC7239](https://tools.ietf.org/html/rfc7239)) so that it can be used behind a TLS terminating proxy. + ## Advanced Topics ### Enabling Local Logging
diff --git a/src/app_engine/apprtc.py b/src/app_engine/apprtc.py
index d86039d2e..bba7916a3 100755
--- a/src/app_engine/apprtc.py
+++ b/src/app_engine/apprtc.py
@@ -300,7 +300,16 @@ def get_room_parameters(request, room_id, client_id, is_initiator):
 'bypass_join_confirmation': json.dumps(bypass_join_confirmation),
 'version_info': json.dumps(get_version_info())
 }
-
+
+ # If set to true it will take the protocol (scheme) from the http Forward
+ # header. Allows using a TLS termination proxy.
+ forward_scheme = 'FORWARD_SCHEME' in os.environ and \
+ os.environ['FORWARD_SCHEME'] == 'True'
+ if forward_scheme:
+ forwarded = request.headers['Forwarded']
+ forwarded = dict(item.split("=") for item in forwarded.split(";"))
+ request.scheme = forwarded['proto']
+
 if room_id is not None:
 room_link = request.host_url + '/r/' + room_id
 room_link = append_url_arguments(request, room_link)
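Review bot: The `proto` value from the `Forwarded` header is assigned to `request.scheme` without validation, and the context lines right below build `room_link` from `request.host_url`, which presumably derives from that scheme, so a client-supplied header can shape generated links unless the proxy overwrites it. The parsing is also brittle: `request.headers['Forwarded']` and `forwarded['proto']` raise `KeyError` when the header or the parameter is absent, and `dict(item.split("=") ...)` raises `ValueError` on a multi-hop value such as `for=a;proto=https, for=b`, while a space after `;` or an upper-case `Proto` makes the lookup miss. I would read only the element appended by the nearest proxy, match `proto` case-insensitively, accept only `http` or `https`, and otherwise leave the scheme untouched, as sketched below. `get_room_parameters` starts and ends outside the hunk, and the README section should state that the proxy must strip or overwrite any `Forwarded` header sent by the client.

```python
  # … unchanged: forward_scheme computed from FORWARD_SCHEME …
  if forward_scheme:
    # The last element is the one appended by the nearest proxy; earlier
    # elements may have been supplied by the client.
    nearest_hop = request.headers.get('Forwarded', '').split(',')[-1]
    for pair in nearest_hop.split(';'):
      name, _, value = pair.partition('=')
      if name.strip().lower() == 'proto':
        proto = value.strip().strip('"').lower()
        if proto in ('http', 'https'):
          request.scheme = proto
        break
  # … unchanged: room_link construction …
```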