[MB-29597] Honor X-Forwarded-Proto In Redirects - Couchbase database

XML

Word

Printable

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: ns_server
Labels:
- kubernetes

Description

When NS server is sat behind a load-balancer which is terminating SSL, a redirect will end up returning the wrong scheme, probably related to this bit of code here:

https://github.com/couchbase/ns_server/blob/15f8f4629bf26cd43f0009eb58256ef9e894e02f/src/menelaus_util.erl#L159

The load balancer should be operating in http mode, and inserting the X-Forwarded-Proto header which indicates the client is actually talking TLS. In this case we need to return the https scheme if either the socket is TLS enabled, or the X-Forwarded-Proto header is set to https.

This may be required elsewhere too...

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

Ascending order - Click to sort in descending order

Simon Murray created issue - 10/May/18 4:44 AM

Simon Murray made changes - 10/May/18 4:45 AM

Field	Original Value	New Value
Rank		Ranked higher

Mike Wiederhold [X] (Inactive) made changes - 10/May/18 7:38 AM

Labels

kubernetes

People

Assignee:: Ajit Yagaty [X] (Inactive)

Reporter:: Simon Murray

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/May/18 4:44 AM

Updated:: 10/May/18 7:38 AM

Gerrit Reviews

There are no open Gerrit changes

Couchbase Server

Honor X-Forwarded-Proto In Redirects

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty