Please add support for the x-forwarded-proto header so that when an application is running behind the proxy and accessed using the device url, the app can determine the protocol used to connect to it.
Thank you for this feature request! I will forward it to the team to find out exactly which component the implementation belongs to, and to add it to our regular feature discussions and triaging.
Hi @regedad, it seems like your question is incomplete? Can you please elaborate?
Hi @deisterhold,
I’ve taken a look at this and unfortunately it is not possible given our setup. We terminate SSL at our layer 4 load balancers so by the time the Proxy service is handling the request it believes it is handling a http request, so the X-Forwarded-Proto would be reported as http. There are various reasons why we do not/cannot operate the load balancers at layer 7 (which would allow them to insert the appropriate X-Forwarded-* headers) but it boils down to a requirement to use ProxyProtocol between the Load Balancers and the Proxy service.
Hi @regedad,
Unfortunately the thread your comment is in doesn’t give me any context. Could you please expand your comment into a full question for us, please?
Best regards,
Heds
… for posterity and assuming all traffic is only HTTPS, a haproxy container listening on device URL port 80 and forwarding traffic to the payload container on some other local port is a valid workaround.
We’ve hit this issue with Jenkins, proxied via balena device URLs. Since the web browser client is communicating over HTTPS via a device URL, but the traffic coming out of the device URL SNI tunnel into Jenkins is HTTP, Jenkins, in absence of appropriate X-Forwarded-For-Proto
header will (rightfully) redirect every request back to HTTP, which is undesirable for obvious resons.
A haproxy between device URLs tunnel and Jenkins, with the following simple config sorts this out (e.g.):
global
log stdout format raw daemon debug
defaults
log global
mode http
timeout client 30s
timeout server 30s
timeout connect 30s
frontend balena-jenkins-http-frontend
bind :::80 v4v6
use_backend balena-jenkins-http-backend
backend balena-jenkins-http-backend
http-request add-header X-Forwarded-Proto https
server balena-jenkins jenkins-master:1234