[09:30:57] <halfak> Hey folks. I'm getting bit by the labs proxy and how it handles https. I'm wondering if anyone has a solution to the problem I'm running into.
[09:31:35] <halfak> So, if you go to "https://ores.wmflabs.org/scores", you'll get redirected to "http://ores.wmflabs.org/scores/"
[09:31:39] <halfak> Note the scheme change!
[09:32:10] <halfak> This happens because the labs proxy converts the https request to http for ORES.
[09:32:27] <halfak> But when ORES issues a redirect, it has no idea that the request came from https
[09:32:33] <halfak> So it issues a 301 for "http"
[09:32:52] <halfak> And the labs proxy ignores the protocol changes and just forwards the response.
[09:33:42] <halfak> Potential solutions: No redirects at all, HTTPS required for all requests, ???
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Revert "ores: Hardcode Host in the HTTPS redirect" | operations/puppet | production | +2 -1 |
Event Timeline
Comment Actions
Just deployed the above change, but now loading http://ores.wmflabs.org in my browser will redirect to https://oresweb.
Comment Actions
Here's some notes from a relevant chat in #wikimedia-ai
[10:43:48] <akosiaris> the oresweb btw is due to nginx having upstream oresweb { [10:43:56] <akosiaris> in it's configuration [10:44:06] <akosiaris> proxy_pass http://oresweb; [10:44:37] <halfak> akosiaris, ^ was thinking about that on the whole ride in. [10:44:58] <halfak> Where is "oresweb" and how did the config we copied it from document that a hostname must be set in such a way. [10:45:40] <akosiaris> so the correct way to fix that [10:45:49] <akosiaris> is to actually preserve the Host: header [10:45:56] <akosiaris> proxy_set_header Host $host; [10:46:32] <akosiaris> so that the backend HTTP request has the HTTP Host: header the client originally wanted [10:46:46] <akosiaris> I 'll concoct a change and fix this the nice way
Comment Actions
Change 279133 had a related patch set uploaded (by Alexandros Kosiaris):
Revert "ores: Hardcode Host in the HTTPS redirect"
Comment Actions
Change 279133 merged by Alexandros Kosiaris:
Revert "ores: Hardcode Host in the HTTPS redirect"