Hi Jens,

You must edit settings in two places.

In the nginx server definition you must add:

proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto $scheme;
proxy_set_header        X-Forwarded-Host $host:$server_port;
proxy_set_header        X-Forwarded-Port $server_port;

and in the Pyramid ini file you must add to the server:main section:

trusted_proxy = *
trusted_proxy_headers = x-forwarded-for x-forwarded-host x-forwarded-proto x-forwarded-port

trusted_proxy = * should only be used in a container setting, as it accepts these headers from all hosts.

With these settings waitress knows everything about the original connection and fills the values in the request object to fit the original connection.

Regards
   Estartu

On 14.12.21 at 01:21, Jens Troeger wrote:
Hello,

I’ve seen some conversation here about running a Pyramid app server inside a Docker container, but none has really answered my questions.

My setup is that nginx runs on the host and currently uses /proxy_pass/ <https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass> to forward requests to the container’s external port, so that the requests are then processed and responded to by the Pyramid application running inside the container.

*Question*: Inside the container I’m running the Pyramid application using pserve <https://docs.pylonsproject.org/projects/pyramid/en/latest/pscripts/pserve.html> which listens on the container’s mapped internal port. Should I switch to gunicorn <https://docs.gunicorn.org/en/stable/> instead? Does it matter in such a setup?

The /proxy_pass/ URL is http://127.0.0.1:6543 which means that the external https gets lost. That, in turn, means that within the Pyramid app (inside of the container) calls to e.g. static_url() <https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#pyramid.request.Request.static_url> return a http route instead of the necessary & expected https.

*Question*: I currently use prefix WSGI middleware to rewrite responses (discussion <https://github.com/Pylons/pyramid/issues/1435#issuecomment-61654089>) but that feels hacky. Unfortunately, I wasn’t able to make X-Forward-Proto <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto> HTTP header work quite yet so what’s the current recommendation here? Is the Using Behind a Reverse Proxy <https://docs.pylonsproject.org/projects/waitress/en/latest/reverse-proxy.html> page current and working?

*Question*: Are there any benefits to using a UNIX socket for /proxy_pass/, instead of HTTP?

Much thanks in advance!
Jens

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/508f077e-ff7e-47c4-9e8f-ee5f018e9a7en%40googlegroups.com <https://groups.google.com/d/msgid/pylons-discuss/508f077e-ff7e-47c4-9e8f-ee5f018e9a7en%40googlegroups.com?utm_medium=email&utm_source=footer>.
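
Added example, not part of the original thread and not waitress's own code: a simplified model of the trust decision behind trusted_proxy and trusted_proxy_headers. It shows what changes when the wildcard is replaced by the proxy's address. All addresses are constructed, and 172.17.0.1 as the address the container sees for nginx is an assumption.

```python
# Simplified model of a proxy-header trust check (assumption: one proxy hop).
TRUSTED_HEADERS = ("x-forwarded-for", "x-forwarded-proto")


def effective_connection(peer_addr, headers, trusted_proxy,
                         trusted_headers=TRUSTED_HEADERS):
    """Return (client_addr, scheme) as the application would see them."""
    headers = {k.lower(): v for k, v in headers.items()}
    client, scheme = peer_addr, "http"
    # Forwarded headers count only when the TCP peer is the trusted proxy.
    if trusted_proxy != "*" and peer_addr != trusted_proxy:
        return client, scheme
    if "x-forwarded-for" in trusted_headers:
        hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
        hops = [h for h in hops if h]
        if hops:
            # nginx's $proxy_add_x_forwarded_for appends the address it saw,
            # so with one proxy only the rightmost entry is reliable.
            client = hops[-1]
    if "x-forwarded-proto" in trusted_headers:
        proto = headers.get("x-forwarded-proto", "").lower()
        if proto in ("http", "https"):
            scheme = proto
    return client, scheme


# Constructed sample requests.
PROXY = "172.17.0.1"       # assumed address of nginx as seen by the container
VIA_NGINX = {              # client supplied the first hop, nginx added the second
    "X-Forwarded-For": "198.51.100.7, 203.0.113.9",
    "X-Forwarded-Proto": "https",
}
DIRECT = {                 # request that reached the app port without nginx
    "X-Forwarded-For": "127.0.0.1",
    "X-Forwarded-Proto": "https",
}

if __name__ == "__main__":
    for label, peer, hdrs in (("via nginx", PROXY, VIA_NGINX),
                              ("direct", "203.0.113.9", DIRECT)):
        for setting in ("*", PROXY):
            print(label, setting, effective_connection(peer, hdrs, setting))
```

With the wildcard, the direct request is reported as an https connection from 127.0.0.1; with the proxy address pinned, its headers are ignored and the real peer is kept.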
