Properly use x-forwarded-proto with redirects in the webui, related to #347

7 years ago · a4f46ced49
parent 48d736feef
commit a4f46ced49
4 changed files with 13 additions and 3 deletions
--- a/core/admin/mailu/init.py
+++ b/core/admin/mailu/init.py
@ -12,6 +12,8 @@ import docker
 import socket
 import uuid

+from werkzeug.contrib import fixers
+
 # Create application
 app = flask.Flask(__name__)

@ -113,9 +115,10 @@ class PrefixMiddleware(object):
        self.app = app

    def __call__(self, environ, start_response):
+        print(environ)
        prefix = environ.get('HTTP_X_FORWARDED_PREFIX', '')
        if prefix:
            environ['SCRIPT_NAME'] = prefix
        return self.app(environ, start_response)

-app.wsgi_app = PrefixMiddleware(app.wsgi_app)
+app.wsgi_app = PrefixMiddleware(fixers.ProxyFix(app.wsgi_app))
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -71,7 +71,7 @@ http {
      location {{ WEB_WEBMAIL }} {
        rewrite ^({{ WEB_WEBMAIL }})$ $1/ permanent;
        rewrite ^{{ WEB_WEBMAIL }}/(.*) /$1 break;
-        proxy_set_header Host $host;
+        include /etc/nginx/proxy.conf;
        proxy_pass http://$webmail;
      }
      {% endif %}
@ -83,8 +83,8 @@ http {

      location ~ {{ WEB_ADMIN }}/(ui|static) {
        rewrite ^{{ WEB_ADMIN }}/(.*) /$1 break;
+        include /etc/nginx/proxy.conf;
        proxy_set_header X-Forwarded-Prefix {{ WEB_ADMIN }};
-        proxy_set_header Host $host;
        proxy_pass http://$admin;
      }

@ -102,6 +102,7 @@ http {
        rewrite ^/webdav/(.*) /$1 break;
        auth_request /internal/auth/basic;
        auth_request_set $user $upstream_http_x_user;
+        include /etc/nginx/proxy.conf;
        proxy_set_header X-Remote-User $user;
        proxy_set_header X-Script-Name /webdav;
        proxy_pass http://$webdav;
--- a/core/nginx/conf/proxy.conf
+++ b/core/nginx/conf/proxy.conf
@ -0,0 +1,5 @@
+# Default proxy setup
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
--- a/core/nginx/config.py
+++ b/core/nginx/config.py
@ -29,6 +29,7 @@ if args["TLS"] and not all(os.path.exists(file_path) for file_path in args["TLS"

 # Build final configuration paths
 convert("/conf/tls.conf", "/etc/nginx/tls.conf", args)
+convert("/conf/proxy.conf", "/etc/nginx/proxy.conf", args)
 convert("/conf/nginx.conf", "/etc/nginx/nginx.conf", args)
 if os.path.exists("/var/log/nginx.pid"):
    os.system("nginx -s reload")