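I am sending SSL traffic to a scalable application on OpenShift, but strangely, HAProxy keeps setting the X-Forwarded-Proto header to http instead of https, which triggers the Express middleware "express-sslify" and results in a "too many redirects" error. The snippet below is from florianheinemann's express-sslify and demonstrates how the incorrect header value causes a 301 loop.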

```js
var enforceHTTPS = function(options) {
  // ...
  // The middleware itself; this line sits in the part elided above.
  return function(req, res, next) {
    // First, check if directly requested via https
    var isHttps = req.secure;

    // Second, if the request headers can be trusted (e.g. because they are send
    // by a proxy), check if x-forward-proto is set to https
    if (!isHttps && options.trustProtoHeader) {
      isHttps = ((req.headers["x-forwarded-proto"] || '').substring(0, 5) === 'https');
    }

    // ...

    if (isHttps) {
      next();
    } else {
      // Only redirect GET methods
      if (req.method === "GET" || req.method === 'HEAD') {
        res.redirect(301, "https://" + req.headers.host + req.originalUrl);
      } else {
        res.status(403).send("Please use HTTPS when submitting data to this server.");
      }
    }
  };
};
```

In my own code, I am using the module with the trustProtoHeader option: `app.use(enforce.HTTPS({ trustProtoHeader: true }))`. HAProxy is configured by OpenShift, although I have also tried their template at https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template.

Any help is greatly appreciated.
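
The loop described in the question can be reproduced offline. The following is an added example, not part of the original post and not express-sslify's own code: it re-implements only the quoted check against mock request/response objects and follows redirects the way a browser would. The names `makeEnforcer`, `throughProxy`, `followRedirects` and the host `app.example.test` are hypothetical.

```javascript
// Re-implementation of the quoted check only (GET path), for illustration.
function makeEnforcer(options) {
  return function (req, res, next) {
    let isHttps = req.secure;
    if (!isHttps && options.trustProtoHeader) {
      isHttps = (req.headers["x-forwarded-proto"] || "").substring(0, 5) === "https";
    }
    if (isHttps) return next();
    res.redirect(301, "https://" + req.headers.host + req.originalUrl);
  };
}

// Hypothetical TLS-terminating proxy: the backend always sees plain HTTP
// (req.secure === false) and learns the client scheme only from the header.
function throughProxy(enforcer, clientUrl, headerFor) {
  const u = new URL(clientUrl);
  const req = {
    secure: false,
    method: "GET",
    originalUrl: u.pathname + u.search,
    headers: { host: u.host, "x-forwarded-proto": headerFor(u.protocol.slice(0, -1)) },
  };
  let result = null;
  const res = { redirect: (status, location) => { result = { status, location }; } };
  enforcer(req, res, () => { result = { status: 200 }; });
  return result;
}

// Follow redirects like a browser, giving up after maxHops.
function followRedirects(enforcer, startUrl, headerFor, maxHops = 20) {
  let url = startUrl;
  for (let hops = 0; hops < maxHops; hops++) {
    const r = throughProxy(enforcer, url, headerFor);
    if (r.status === 200) return { ok: true, hops, finalUrl: url };
    url = r.location;
  }
  return { ok: false, hops: maxHops, finalUrl: url };
}

const enforcer = makeEnforcer({ trustProtoHeader: true });
const correctProxy = (scheme) => scheme; // forwards the real client scheme
const brokenProxy = () => "http";        // always reports http, as in the question

// Constructed sample URLs.
console.log(followRedirects(enforcer, "http://app.example.test/login?x=1", correctProxy));
console.log(followRedirects(enforcer, "https://app.example.test/login?x=1", brokenProxy));
```

With the correct header the client is upgraded once and served. With the header stuck at `http`, every HTTPS request is redirected to the same HTTPS URL until the hop limit is reached.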