pin goreleaser version

send x-forwarded headers for ssl static mode as well
add the X-Forwarded-Proto and X-Forwarded-Port headers for SSLAuto mode
2024-10-04 05:07:15 +03:00 · 2024-02-01 15:28:20 -06:00 · 2024-02-01 14:42:18 -06:00 · 2024-02-01 14:42:18 -06:00 · 2024-02-01 14:41:39 -06:00
7 changed files with 11 additions and 4 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1 @@
+dist/
--- a/Dockerfile.artifacts
+++ b/Dockerfile.artifacts
@ -1,4 +1,4 @@
-FROM goreleaser/goreleaser as build
+FROM goreleaser/goreleaser:v1.14.0 as build

 WORKDIR /build
 ADD . /build
--- a/README.md
+++ b/README.md
@ -157,7 +157,7 @@ In case if rules set as a part of docker compose environment, destination with t

 ## SSL support

-SSL mode (by default none) can be set to `auto` (ACME/LE certificates), `static` (existing certificate) or `none`. If `auto` turned on SSL certificate will be issued automatically for all discovered server names. User can override it by setting `--ssl.fqdn` value(s)
+SSL mode (by default none) can be set to `auto` (ACME/LE certificates), `static` (existing certificate) or `none`. If `auto` turned on SSL certificate will be issued automatically for all discovered server names. User can override it by setting `--ssl.fqdn` value(s). In `auto` and `static` SSL mode, Reproxy will automatically add the `X-Forwarded-Proto` and `X-Forwarded-Port` headers. These headers are useful for services behind the proxy to know the original protocol (http or https) and port number used by the client.

 ## Headers 

--- a/app/discovery/provider/docker.go
+++ b/app/discovery/provider/docker.go
@ -373,7 +373,7 @@ func NewDockerClient(host, network string) DockerClient {
 func (d *dockerClient) ListContainers() ([]containerInfo, error) {
 	// Minimum API version that returns attached networks
 	// docs.docker.com/engine/api/version-history/#v122-api-changes
-	const APIVersion = "v1.22"
+	const APIVersion = "v1.24"

 	resp, err := d.client.Get(fmt.Sprintf("http://localhost/%s/containers/json", APIVersion))
 	if err != nil {
--- a/app/discovery/provider/docker_test.go
+++ b/app/discovery/provider/docker_test.go
@ -369,7 +369,7 @@ func TestDocker_refresh(t *testing.T) {

 func TestDockerClient(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, `/v1.22/containers/json`, r.URL.Path)
+		require.Equal(t, `/v1.24/containers/json`, r.URL.Path)

 		// obtained using curl --unix-socket /var/run/docker.sock http://localhost/v1.41/containers/json
 		resp, err := os.ReadFile("testdata/containers.json")
--- a/app/proxy/proxy.go
+++ b/app/proxy/proxy.go
@ -212,6 +212,10 @@ func (h *Http) proxyHandler() http.HandlerFunc {
 			uu := ctx.Value(ctxURL).(*url.URL)
 			keepHost := ctx.Value(ctxKeepHost).(bool)
 			r.Header.Add("X-Forwarded-Host", r.Host)
+			if h.SSLConfig.SSLMode == SSLAuto || h.SSLConfig.SSLMode == SSLStatic {
+				r.Header.Add("X-Forwarded-Proto", "https")
+				r.Header.Add("X-Forwarded-Port", "443")
+			}
 			r.URL.Path = uu.Path
 			r.URL.Host = uu.Host
 			r.URL.Scheme = uu.Scheme
--- a/app/proxy/proxy_test.go
+++ b/app/proxy/proxy_test.go
@ -35,6 +35,8 @@ func TestHttp_Do(t *testing.T) {
 		w.Header().Add("h1", "v1")
 		require.Equal(t, "127.0.0.1", r.Header.Get("X-Real-IP"))
 		require.Equal(t, "127.0.0.1", r.Header.Get("X-Forwarded-For"))
+		require.Empty(t, r.Header.Get("X-Forwarded-Proto")) // ssl auto only
+		require.Empty(t, r.Header.Get("X-Forwarded-Port"))
 		fmt.Fprintf(w, "response %s", r.URL.String())
 	}))
Author	SHA1	Message	Date
Umputun	8f2bfdc838	pin goreleaser version	2024-02-01 15:28:20 -06:00
rashpile	631244671a	send x-forwarded headers for ssl static mode as well	2024-02-01 14:42:18 -06:00
rashpile	f573cd9e86	add the `X-Forwarded-Proto` and `X-Forwarded-Port` headers for SSLAuto mode	2024-02-01 14:42:18 -06:00
rashpile	7ce7e18931	docker api 1.22 is deprecated -> minimal supported version is 1.24	2024-02-01 14:41:39 -06:00