redirect() drops HTTPS when proxied behind Apache
Chris Miles
RewriteRule ^/myapp/(.*) http://127.0.0.1:8080/$1 [L,P]
so the app exists on the public side under the root path /myapp/.
So I configure TG with:
server.webpath="/myapp"
base_url_filter.on = True
base_url_filter.base_url = "https://my.domain.com"
(yes it is proxied behind SSL)
With this setup, turbogears.redirect() does not behave properly for
me. It nearly does the right thing, but drops "https" back to "http".
I've started using this repacement to redirect() which works better
for me:
def redirect(redirect_path):
if '://' in redirect_path:
redirect_to = redirect_path
else:
redirect_to = config.get('base_url_filter.base_url', '') + \
config.get('server.webpath', '') + \
redirect_path
raise cherrypy.HTTPRedirect(redirect_to)
It may be specific to my case, but it handles proxied configurations
better.
Jorge Godoy
> I'm proxying my TG app behind Apache HTTPS with the rule:
>
> RewriteRule ^/myapp/(.*) http://127.0.0.1:8080/$1 [L,P]
>
> so the app exists on the public side under the root path /myapp/.
>
> So I configure TG with:
>
> server.webpath="/myapp"
> base_url_filter.on = True
> base_url_filter.base_url = "https://my.domain.com"
>
> (yes it is proxied behind SSL)
>
> With this setup, turbogears.redirect() does not behave properly for
> me. It nearly does the right thing, but drops "https" back to "http".
I don't use mod_rewrite, but with mod_proxy you don't have such a
problem. All my critical applications are deployed behind HTTPS and
I've never had to change anything.
Have you tried using it instead of mod_rewrite?
--
Jorge Godoy <jgo...@gmail.com>
Chris Miles
On Apr 24, 12:26 am, Jorge Godoy <jgo...@gmail.com> wrote:
> Chris Miles <miles.ch...@gmail.com> writes:
> > With this setup, turbogears.redirect() does not behave properly for
> > me. It nearly does the right thing, but drops "https" back to "http".
>
> I don't use mod_rewrite, but with mod_proxy you don't have such a
> problem. All my critical applications are deployed behind HTTPS and
> I've never had to change anything.
>
> Have you tried using it instead of mod_rewrite?
I haven't tried using mod_proxy instead, I will give that a go. Thanks
Jorge.
Cheers,
CM
Chris Miles
> I haven't tried using mod_proxy instead, I will give that a go. Thanks
> Jorge.
OK, I got this working, the important part of the equation is the
ProxyPassReverse directive. Redirection working correctly is
extremely sensitive to the configuration, you have to get it exactly
right. Here's what you need, for reference:
Apache:
<VirtualHost _default_:443>
ProxyRequests Off # optional: for safety
ProxyPass /myapp/ http://127.0.0.1:8080/
ProxyPassReverse /myapp/ http://127.0.0.1:8080/
# Of course, all the other directives for SSL, etc would be included
too
</VirtualHost>
Note that ProxyPass can be replaced with RewriteRule, they both work
equally well with ProxyPassReverse. ie:
RewriteEngine On
RewriteRule ^/myapp/(.*) http://127.0.0.1:8080/$1 [L,P]
ProxyPassReverse /myapp/ http://127.0.0.1:8080/
Of course, ProxyPass looks neater. But RewriteRule may be useful for
custom rules.
It is important also to note that you must not enable
"ProxyPreserveHost on" as this confuses the issue and redirects do not
work properly if it is used.
On the TurboGears side, you don't actually have to do anything other
than:
server.webpath="/myapp"
which is only needed if you are mounting the application at a
different virtual path to where TG thinks it is located. Leave all
the other "base_url_filter" options disabled.
Cheers,
Chris
Johnny Blonde
this was just a perfect summarization of the task!
i now set it up and it seems to work smoothly...
but under the hood i´m frequently getting errors on the commandline
like this ones:
http://paste.turbogears.org/paste/1236
and i´m not quite sure what to do.
this is my httpd.conf (extract)
<VirtualHost _default_:12345>
ProxyRequests Off
ProxyPass /abrechnung/ http://127.0.0.1:8080/
ProxyPassReverse /abrechnung/ http://127.0.0.1:8080/
RewriteEngine on
RewriteRule ^/static(.*) /srv/www/Tag-der-Abrechnung/tagderabrechnung/
static$1 [L]
</VirtualHost>
and in my app.cfg/dev.cfg:
server.webpath="/abrechnung"
any ideas?
Regards, Frank
Dakila
Anyone able to solve/explain the command line exceptions generated by
cherrypy when proxying behind apache?
Regards,
Dakila
On Apr 25, 7:07 pm, Johnny Blonde <frank.wagner.1...@googlemail.com>
wrote:
> thanks a lot chris,
>
> this was just a perfect summarization of the task!
>
> i now set it up and it seems to work smoothly...
>
> but under the hood i´m frequently getting errors on the commandline
> like this ones:
>
> http://paste.turbogears.org/paste/1236
>
> and i´m not quite sure what to do.
>
> this is my httpd.conf (extract)
>
> <VirtualHost _default_:12345>
>
> ProxyRequests Off
> ProxyPass /abrechnung/http://127.0.0.1:8080/
> ProxyPassReverse /abrechnung/http://127.0.0.1:8080/
Chris Miles
they really are) and I've seen the same happening when I've proxied
TG apps behind Apache. On the browser side I couldn't see any
missing elements in the page; the site appeared to work fine. I
never got a chance to look deeper into why spurious 404 errors were
being generated when the site looked fine.
Cheers
Chris
Johnny Blonde
through apache, because of big performance decreases...
i now skipped https, and opened a port for cherrypy.
Sorry, that i don´t have any better news.
Regards, Frank
aspineux
On Apr 24, 1:04 pm, Chris Miles <miles.ch...@gmail.com> wrote:
> On Apr 24, 8:36 am, Chris Miles <miles.ch...@gmail.com> wrote:
>
> > I haven't tried usingmod_proxyinstead, I will give that a go. Thanks
> > Jorge.
>
> OK, I got this working, the important part of the equation is the
> ProxyPassReverse directive. Redirection working correctly is
> extremely sensitive to the configuration, you have to get it exactly
> right. Here's what you need, for reference:
>
> Apache:
>
> <VirtualHost _default_:443>
> ProxyRequests Off # optional: for safety
> ProxyPass /myapp/http://127.0.0.1:8080/
> ProxyPassReverse /myapp/http://127.0.0.1:8080/
> # Of course, all the other directives for SSL, etc would be included
if server.webpath="/myapp"
then
ProxyPass /myapp/ http://127.0.0.1:8080/myapp/
ProxyPassReverse /myapp/ http://127.0.0.1:8080/myapp/
It works for me
> too
> </VirtualHost>
>
> Note that ProxyPass can be replaced with RewriteRule, they both work
> equally well with ProxyPassReverse. ie:
>
> RewriteEngine On
> RewriteRule ^/myapp/(.*)http://127.0.0.1:8080/$1[L,P]
> ProxyPassReverse /myapp/http://127.0.0.1:8080/
Chris
I have a similar problem allthough i was using ProxyPass all the way
through and no rewrite rules.What i found was the redirect threw the
full ServerName and not the localhost:8080 so the ProxyPassReverse was
not applying the rule. I fixed the problem by adding a second rule/
line of ProxyPassReverse
ProxyPassReverse /abrechnung/ http://<sitename>/
Chris
On Apr 25, 12:07 pm, Johnny Blonde <frank.wagner.1...@googlemail.com>
wrote:
> thanks a lot chris,
>
> this was just a perfect summarization of the task!
>
> i now set it up and it seems to work smoothly...
>
> but under the hood i´m frequently getting errors on the commandline
> like this ones:
>
> http://paste.turbogears.org/paste/1236
>
> and i´m not quite sure what to do.
>
> this is my httpd.conf (extract)
>
> <VirtualHost _default_:12345>
>
> ProxyRequests Off
> ProxyPass /abrechnung/http://127.0.0.1:8080/
> ProxyPassReverse /abrechnung/http://127.0.0.1:8080/