From 9a4e36a4f911e61aee1455806a637d97dc97a798 Mon Sep 17 00:00:00 2001 From: Jason Frey Date: Tue, 16 Jun 2020 17:04:30 -0400 Subject: [PATCH] Merge branch 'add_request_header_directives' into '5.12.z' Add the RequestHeader directive to httpd conf See merge request cloudforms/cfme-pods!1 (cherry picked from commit fba4726f371bdc0f3d2ed8562abf902a2d6429a7) --- .../pkg/helpers/miq-components/httpd.go | 2 +- .../pkg/helpers/miq-components/httpd_conf.go | 27 ++++++++++--------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/manageiq-operator/pkg/helpers/miq-components/httpd.go b/manageiq-operator/pkg/helpers/miq-components/httpd.go index d4cabb078..ca872eea5 100644 --- a/manageiq-operator/pkg/helpers/miq-components/httpd.go +++ b/manageiq-operator/pkg/helpers/miq-components/httpd.go @@ -94,7 +94,7 @@ func HttpdConfigMap(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.C } data := map[string]string{ - "application.conf": httpdApplicationConf(), + "application.conf": httpdApplicationConf(cr.Spec.ApplicationDomain), "authentication.conf": httpdAuthenticationConf(&cr.Spec), } diff --git a/manageiq-operator/pkg/helpers/miq-components/httpd_conf.go b/manageiq-operator/pkg/helpers/miq-components/httpd_conf.go index 9427650ce..8d6f1ec49 100644 --- a/manageiq-operator/pkg/helpers/miq-components/httpd_conf.go +++ b/manageiq-operator/pkg/helpers/miq-components/httpd_conf.go @@ -15,8 +15,8 @@ func httpdAuthConfigurationConf() string { } // application.conf -func httpdApplicationConf() string { - return ` +func httpdApplicationConf(applicationDomain string) string { + s := ` Listen 8080 # Timeout: The number of seconds before receives and sends time out. Timeout 120 
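Review bot: `cr.Spec.ApplicationDomain` reaches `httpdApplicationConf` unchecked here, and the httpd_conf.go hunks write it verbatim into `RequestHeader set Host %s` and `RequestHeader set X-Forwarded-Host %s`. An empty value leaves both directives without their value argument, which httpd would be expected to reject when it loads the config. A value containing whitespace, a newline or `%` (a mod_headers format specifier) changes how the line is parsed, so anyone able to edit the CR could shape application.conf beyond a host name. Unless the CRD schema already constrains the field (not visible in this patch), reject anything that is not a DNS name before building `data`, for example `if errs := validation.IsDNS1123Subdomain(cr.Spec.ApplicationDomain); len(errs) > 0 { return nil, fmt.Errorf("invalid applicationDomain: %v", errs) }` using `k8s.io/apimachinery/pkg/util/validation`, assuming the truncated signature returns an error as its second result. HttpdConfigMap starts and ends outside the hunk.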
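Review bot: The comment above `httpdApplicationConf` still reads only `// application.conf` at the changed signature line, although the function now takes a parameter that ends up in the generated config. I would replace it with `// httpdApplicationConf renders application.conf; applicationDomain is the host name written into the Host and X-Forwarded-Host headers of proxied requests.` Whether a scheme or port is acceptable in that value is not visible in this patch, so the comment should state whatever the operator actually supports. The function body continues outside this hunk.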
@@ -27,28 +27,30 @@ Options SymLinksIfOwnerMatch KeepAlive on # Without ServerName mod_auth_mellon compares against http:// and not https:// from the IdP - ServerName https://%{REQUEST_HOST} + ServerName https://%%{REQUEST_HOST} ProxyPreserveHost on + RequestHeader set Host %s + RequestHeader set X-Forwarded-Host %s - RewriteCond %{REQUEST_URI} ^/ws/notifications [NC] - RewriteCond %{HTTP:UPGRADE} ^websocket$ [NC] - RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] - RewriteRule .* ws://ui:3000%{REQUEST_URI} [P,QSA,L] + RewriteCond %%{REQUEST_URI} ^/ws/notifications [NC] + RewriteCond %%{HTTP:UPGRADE} ^websocket$ [NC] + RewriteCond %%{HTTP:CONNECTION} ^Upgrade$ [NC] + RewriteRule .* ws://ui:3000%%{REQUEST_URI} [P,QSA,L] ProxyPassReverse /ws/notifications ws://ui:3000/ws/notifications - RewriteCond %{REQUEST_URI} !^/api + RewriteCond %%{REQUEST_URI} !^/api # For httpd, some ErrorDocuments must by served by the httpd pod - RewriteCond %{REQUEST_URI} !^/proxy_pages + RewriteCond %%{REQUEST_URI} !^/proxy_pages # For SAML /saml2 is only served by mod_auth_mellon in the httpd pod - RewriteCond %{REQUEST_URI} !^/saml2 + RewriteCond %%{REQUEST_URI} !^/saml2 # For OpenID-Connect /openid-connect is only served by mod_auth_openidc - RewriteCond %{REQUEST_URI} !^/openid-connect + RewriteCond %%{REQUEST_URI} !^/openid-connect - RewriteRule ^/ http://ui:3000%{REQUEST_URI} [P,QSA,L] + RewriteRule ^/ http://ui:3000%%{REQUEST_URI} [P,QSA,L] ProxyPassReverse / http://ui:3000/ ProxyPass /api http://web-service:3000/api @@ -65,6 +67,7 @@ Options SymLinksIfOwnerMatch CustomLog "| /usr/bin/tee /proc/1/fd/1 /var/log/httpd/access_log" common ` + return fmt.Sprintf(s, applicationDomain, applicationDomain) } // authentication.conf
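Review bot: Making the whole template a `fmt.Sprintf` format string forced every literal Apache variable in this hunk to be rewritten as `%%{...}`. A later edit that adds an un-doubled `%{REQUEST_URI}` will still compile but render a fmt error marker into the config instead of the variable. A named placeholder keeps the Apache text unescaped: leave the `%{...}` lines as they were, write `RequestHeader set Host @APPLICATION_DOMAIN@` (and the same for `X-Forwarded-Host`) in the template, and have the last hunk return `strings.ReplaceAll(s, "@APPLICATION_DOMAIN@", applicationDomain)`, which needs the `strings` import. If Sprintf stays, using `%[1]s` in both directives lets the return pass the domain once. The function starts outside this hunk.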