Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https 
On 5/24/22 12:30, Joakim Erdfelt wrote:
If you are going to use the ForwardedRequestCustomizer do yourself a favor and _only use the RFC 7239 mode_.
Do not use the X-Forwarded-* headers, they are a giant mess of conflicting behaviors and rules with no standardization behind them. Big players interpret the headers differently (Google, vs AWS, vs Azure, vs haproxy, etc)
Only use the `Forwarded` header, per the https://tools.ietf.org/html/rfc7239 spec. 
You'll eliminate so many support issues just by doing this.
Very cool!  I had to look that up.  Nice that there is a true standard for proxy headers.  I turned off the X-Forwarded-For header for that frontend and changed the line in the haproxy config adding X-Forwarded-Proto to this and it still works: 

http-request add-header Forwarded "for=\"%[src]\"; proto=https"
The info I found about using that RFC with haproxy had the proto setting referencing a variable, but that didn't work.  Had to hardcode it to https.  Which is OK, as the frontend only does https. 

Thanks,
Shawn

Back to the top