Comments (7)
The original file is here: https://github.com/ConSol/omd/blob/labs/packages/omd/skel/etc/apache/conf.d/omd.conf
from omd.
Okay, my suggested fix is:
--- omd.conf.orig 2018-04-12 17:13:13.159353000 +0200
+++ omd.conf 2018-04-12 17:15:28.680794300 +0200
@@ -12,7 +12,12 @@
RewriteCond %{HTTPS} =on
RewriteRule ^/###SITE###/?$ - [env=proto:https]
-RewriteRule ^/###SITE###/?$ %{ENV:proto}://%{SERVER_NAME}:%{SERVER_PORT}/###SITE###/omd/ [R=302]
+RewriteRule ^/###SITE###/?$ - [env=port:%{SERVER_PORT}]
+
+RewriteCond %{HTTP:X-Forwarded-Port} !=""
+RewriteRule ^/###SITE###/?$ - [env=port:%{HTTP:X-Forwarded-Port}]
+
+RewriteRule ^/###SITE###/?$ %{ENV:proto}://%{SERVER_NAME}:%{ENV:port}/###SITE###/omd/ [R=302]
# Keep original redirect as fallback, rewrite rules do no work in shared apache mode
RedirectMatch ^/###SITE###$ /###SITE###/omd/
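Review bot: The new condition on X-Forwarded-Port only tests for a non-empty value (!=""), so whatever a client or upstream proxy sends in that header is copied into the Location of the 302 through %{ENV:port}. Restrict it to digits, for example RewriteCond %{HTTP:X-Forwarded-Port} ^[0-9]+$, and add a comment that the header is expected to be set by a trusted front proxy.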
It creates an env var for port with SERVER_PORT as default value and replaces this value with the value from X-Forwarded-Port if there is any. Then this env var is used in the real RewriteRule instead of the SERVER_PORT var.
from omd.
Did you know you can directly edit the file on GitHub and GitHub will automatically create a pull request for that change?
So your setup looks like [Docker host apache] ---reverse proxy---> [docker omd container] where the omd container again has the system apache on 80/443 reverse proxying to the site apache on port 5000?
from omd.
No, I didn't. Does this create a full fork on my account?
It's even worse:
Network → gate-apache with reverse proxy and public ssl wrap → server-apache with reverse proxy and internal ssl wrap → docker omd container with exposed port 80 as 127.0.0.1:10080 → container-apache 80 reverse proxy → site-apache on 5000
The multi-site support you built into the docker container is an extra layer I probably don't need.
Normally I run two containers on different exposed ports to have a production container and a staging container, so I can take one down without affecting the other. But for the omd container I'm thinking about doing a production site and a staging site inside one container. This makes URL normalization on the gate- and server-apache way easier and spares (non-public) ports on the server-apache, but loses the independence between the two sites.
Another alternative is to build another container with a different site name for the staging system, but the omd containers with multi-site-support are... heavy.
Best case (for me) would be to have a lightweight single-site-per-container solution, even without SSL for the web-ui.
from omd.
I tried a few things and am having a hard time reproducing any issue here. Who will set the "X-Forwarded-Port" header in your case? Also it's usually a good idea to have either everything SSL or nothing. This removes some possible redirect issues already.
from omd.
In my case it's the gate-apache. But I think, in the scenario I got here, there is no difference if the server-apache would be setting it.
The main thing is, to not do SSL inside the container, but in the apache on the docker host.
So if I would be testing this, I would take a xenial server vm. Install docker-ce and apache2 in the vm. Run the OMD container in NonSSL mode and wrap SSL in the server vm apache as well as use:
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
The thing is, I run multiple different services in multiple containers, some with SSL and some without. So I have to wrap the SSL on the server apache anyway. Doing it additionally in the container is unnecessary. And I don't have to rebuild the container every time I got a new cert.
Another way to test is to run SSL (even in the container) on a non-standard SSL port, e.g. 10443. Then you definitely need X-Forwarded-Port too. If you consider values from X-Forwarded-Proto you always have to consider values from X-Forwarded-Port too: the protocol doesn't necessarily determine the port the service is running on.
from omd.
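The host-side setup described in the comment above, written out as a complete virtual host. This is an added example, not configuration from the thread or from the OMD project; the host name and certificate paths are placeholders, and 127.0.0.1:10080 is the exposed container port mentioned earlier in the thread.

```apache
# Constructed example: TLS is terminated on the Docker host, the container runs without SSL.
# Requires mod_ssl, mod_headers, mod_proxy and mod_proxy_http.
# monitor.example.org and the certificate paths are placeholders.
<VirtualHost *:443>
    ServerName monitor.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/monitor.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/monitor.example.org.key

    # "set" replaces any value the client sent, so the backend only ever
    # sees the scheme and port that this proxy asserts.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port  "443"

    # Forward the public Host header to the backend unchanged.
    ProxyPreserveHost On

    # 127.0.0.1:10080 is the container's exposed port 80 (from the thread).
    ProxyPass        / http://127.0.0.1:10080/
    ProxyPassReverse / http://127.0.0.1:10080/
</VirtualHost>
```

Because the backend builds its redirect from these headers, every listener that can reach the container should set them this way rather than pass a client-supplied value through.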
This is merged in #60 and can be closed.
from omd.