start-loggerhead script doesn't properly set the wsgi.url_scheme from the server.webpath option

Bug #260547 reported by neror
8
Affects Status Importance Assigned to Milestone
loggerhead
Fix Released
Medium
Michael Hudson-Doyle

Bug Description

When proxying SSL requests through apache to the loggerhead daemon run with the start-loggerhead script, the url_scheme (http or https) is ignored in the setup of the wsgi environment. I set the server.webpath option in the conf file to https://xxx.com/bzr and all of the urls generated by the templates start with http://xxx.com/bzr. The start-loggerhead script needs to set the wsgi.url_scheme environment variable to the proper scheme. Since this is a one line change to the script I've attached a patch against r208 of the file instead of publishing my branch.

Revision history for this message
neror (bignate) wrote :
Paul Hummer (rockstar)
Changed in loggerhead:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
Wouter van Heyst (larstiq) wrote :

This is still/also occuring to me with `serve-branches`. The fs hierarchy is fine, but when I try /changes or /annotate from a branch view, I'm directed to a http:// instead of https:// variant.

I've looked at the start-loggerhead.patch and the current code, but loggerhead 1.10 looks to be a little bit more complex.

Revision history for this message
David Parker (dparker) wrote :

neror's start-loggerhead.patch seems to be working well for me, thanks

Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

And it's obviously correct, so I merged it. Sorry for letting this languish for so long!

Wouter: I think you have a separate problem -- how are you running serve-branches over https, for starters?

Changed in loggerhead:
assignee: nobody → mwhudson
status: Triaged → Fix Committed
Revision history for this message
Wouter van Heyst (larstiq) wrote :

Yeah, not exactly the same problem alas.

I'm running loggerhead with apache proxying in front of it:

    /usr/bin/serve-branches -- /srv/bzr --log-folder /var/log/loggerhead --prefix=/loggerhead

And then for the SSL vhost:

    <Location /loggerhead/>
            ProxyPass http://localhost:8080/
            ProxyPassReverse http://localhost:8080/
            Order allow,deny
            Allow from all
            Deny from none
    </Location>

Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

Well, I don't think there's any way loggerhead can know it's running over https here :/ I guess serve-branches needs a --https option, really.

Revision history for this message
Robert Collins (lifeless) wrote : Re: [Bug 260547] Re: start-loggerhead script doesn't properly set the wsgi.url_scheme from the server.webpath option

On Mon, 2009-03-02 at 20:11 +0000, Michael Hudson wrote:
> Well, I don't think there's any way loggerhead can know it's running
> over https here

There is a "standard" for this. OWA has the same trouble, MS put a
header 'Front-End-Https: On' into requests received on HTTPS and
forwarded to a HTTP backend.

squid supports this (front-end-https in the peer flags) :P. For apache,
probably manually configure it.

-Rob

Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote : Re: [Bug 260547] Re: start-loggerhead script doesn't properly set the wsgi.url_scheme from the server.webpath option

Robert Collins wrote:
> On Mon, 2009-03-02 at 20:11 +0000, Michael Hudson wrote:
>> Well, I don't think there's any way loggerhead can know it's running
>> over https here
>
> There is a "standard" for this. OWA has the same trouble, MS put a
> header 'Front-End-Https: On' into requests received on HTTPS and
> forwarded to a HTTP backend.
>
> squid supports this (front-end-https in the peer flags) :P. For apache,
> probably manually configure it.

Yeah, we add an X-Forwarded-Scheme for launchpad for this. If
"front-end-https" is a semi standard though, let's use that.

Cheers,
mwh

Revision history for this message
Wouter van Heyst (larstiq) wrote : Re: [Bug 260547] Re: start-loggerhead script doesn't properly set the wsgi.url_scheme from the server.webpath option

On Mon, Mar 02, 2009 at 08:11:15PM -0000, Michael Hudson wrote:
> Well, I don't think there's any way loggerhead can know it's running
> over https here :/ I guess serve-branches needs a --https option,
> really.

Actually, if loggerhead wouldn't generate absolute urls but relative
ones, there wouldn't be a scheme or host to correct.

Wouter van Heyst

Revision history for this message
Wouter van Heyst (larstiq) wrote :

The attached patch "works" for me in that it fixes all the links I care about, but breaks some other usage of url() (like advertising how get the bzr branch)

Martin Albisetti (beuno)
Changed in loggerhead:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.