Hi,
We have 2 pyramid (1.5) apps run by gunicorn behind nginx as reverse proxy,
both in the same HTTPS vhost. One app is at location /, and the other is at
/bla/. This is the relevant configuration of the vhost:
server {
listen 443 ssl;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location /bla/ {
proxy_pass http://app1.docker:8080/bla/;
proxy_redirect http://app1.docker:8080/bla/ http://$host/bla/;
proxy_set_header Host localhost;
proxy_set_header SCRIPT_NAME /bla;
proxy_set_header X-Forwarded-Host localhost;
proxy_set_header X-Forwarded-Proto https;
}
location / {
proxy_pass http://app2.docker:8080/;
proxy_redirect off;
}
}
Everything works as expected except for the scheme part of url generation.
Calls to static_url in the templates (using pyramid_jinja2 2.1) produce
correct URLs except that they use an HTTP scheme. Calls to route_url in the
templates produce correct URLs including the scheme. Calls to route_url in
python view code produce URLs with incorrect HTTP scheme. Adding a handler
for the NewRequest event fixes this issue, like this:
@subscriber(NewRequest)
def set_request_scheme(event):
if 'HTTP_X_FORWARDED_PROTO' in event.request.environ:
event.request.scheme =
event.request.environ['HTTP_X_FORWARDED_PROTO']
However, I wonder if we are doing something incorrectly, perhaps there is
some other header that can be set in nginx, or some particular
configuration in pyramid?
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/d/optout.
