On 12/02/2015 01:02, Jonathan Biegert wrote:
All documentation I could find about gunicorn is heavily tied to nginx,
so perhaps apache is setting different X-Forward* Headers I might
emulate with RequestHeader set ...?
Indeed. Ideally you will want the Host header to give the
publicly-visible hostname (it looks like apache is putting this in
X-Forwarded-Host) and the X-Forwarded-Proto header to be "https".
Already tried that, but seems like I cannot set the Host: header. I can
add additional headers, though, so emulating what nginx sets should be
possible - if I knew what that is.
It doesn't look like gunicorn has support for any of the headers being
sent by apache.
Going that way, the question would be: Teach gunicorn, or teach the
syncserver code?
Teaching syncserver code may be the simplest option. The already do
*some* amount of this:
https://github.com/mozilla-services/syncserver/blob/master/syncserver/__init__.py#L100
We could just use the value of public_url and force the WSGI app
environment to match. I've been resisting that because I don't want to
accidentally create security problems, e.g. convincing the app it's on
HTTPS when it's really HTTP.
But, maybe we can add a config flag like "force_wsgi_environ" that would
enable this behaviour, and just take public_url as the source of all truth.
Would that work for you?
Ryan
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
