HAProxy继续在OpenShift上将X-Forwarded-Proto标头设置为http而不是https

时间:2016-07-22 00:43:21

标签: node.js ssl openshift haproxy

我正在向OpenShift上的可扩展应用程序发送ssl流量,但奇怪的是,HAProxy继续将X-Forwarded-Proto标头设置为http而不是https,触发快速中间件“express-sslify”导致“对许多人”重定向“错误。下面的代码段来自florianheinemann的express-sslify,用于演示不正确的标头值如何导致301循环。

var enforceHTTPS = function(options) {

    ...

    // First, check if directly requested via https
    var isHttps = req.secure;

    // Second, if the request headers can be trusted (e.g. because they are send
    // by a proxy), check if x-forward-proto is set to https
    if(!isHttps && options.trustProtoHeader) {
        isHttps = ((req.headers["x-forwarded-proto"] || '').substring(0,5) === 'https');
    }

    ...

    if(isHttps) {
        next();
    } else {
        // Only redirect GET methods
        if(req.method === "GET" || req.method === 'HEAD') {
            res.redirect(301, "https://" + req.headers.host + req.originalUrl);
        } else {
            res.status(403).send("Please use HTTPS when submitting data to this server.");
        }
    }
};

};

在我自己的代码中,我正在使用带有trustProtoHeader选项的模块:app.use(enforce.HTTPS({ trustProtoHeader: true }))。 HAProxy由OpenShift配置,虽然我也在[https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template][1]上尝试了他们的模板。

非常感谢任何帮助。

0 个答案:

没有答案