[COOK-2730] - pass along reasonable Host, X-Forwarded-For & X-Real-IP

Signed-off-by: Sean OMeara <[email protected]>
poise · Oct 25, 2013 · 7b32e59 · 7b32e59
1 parent ba74157
commit 7b32e59
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -29,6 +29,7 @@ Note that the application repository will still be checked out even if this is t
 - application\_server\_role: the role to search for when looking for application servers. Defaults to "#{application name}\_application\_server"
 - template: the name of template that will be rendered to create the context file; if specified it will be looked up in the application cookbook. Defaults to "load_balancer.conf.erb" from this cookbook
 - server\_name: the virtual host name(s). Defaults to the node FQDN
+- set\_host\_header: Force nginx to set the Host, X-Real-IP and X-Forwarded-For headers. Defaults to false.
 - port: the port nginx will bind. Defaults to 80
 - application_port: the port the application server runs on. Defaults to 8000
 - static_files: a Hash mapping URLs to files. Defaults to an empty Hash
@@ -99,6 +100,32 @@ which will be expanded to:
       }
     }
 
+Additionally you can set `set_host_header` to true to force Nginx to pass along the Host, X-Real-IP and X-Forwarded-For headers which are often vital to the correct functioning of OAuth callbacks and similar. See [the nginx docs](http://wiki.nginx.org/HttpProxyModule#proxy_set_header) for more details
+
+    application "my-app" do
+      path "/usr/local/my-app"
+      repository "..."
+      revision "..."
+
+      nginx_load_balancer do
+        only_if { node['roles'].include?('my-app_load_balancer') }
+        set_host_header true
+      end
+    end
+
+    which will result in the following server definition:
+
+    server {
+      listen 80;
+      server_name frontend-0;
+      location / {
+        proxy_pass http://my-app;
+        proxy_set_header   Host             $host;
+        proxy_set_header   X-Real-IP        $remote_addr;
+        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+      }
+    }
+
 License & Authors
 -----------------
 - Author:: Adam Jacob (<[email protected]>)

diff --git a/resources/nginx_load_balancer.rb b/resources/nginx_load_balancer.rb
@@ -23,6 +23,7 @@
 attribute :application_server_role, :kind_of => [String, Symbol, NilClass], :default => nil
 attribute :template, :kind_of => [String, NilClass], :default => nil
 attribute :server_name, :kind_of => [String, Array], :default => node['fqdn']
+attribute :set_host_header, :kind_of => [TrueClass, FalseClass], :default => false
 attribute :port, :kind_of => Integer, :default => 80
 attribute :application_port, :kind_of => Integer, :default => 8000
 attribute :application_socket, :kind_of => [Array, String, NilClass], :default => nil

diff --git a/templates/default/load_balancer.conf.erb b/templates/default/load_balancer.conf.erb
@@ -24,5 +24,10 @@ server {
   <% end %>
   location / {
     proxy_pass http://<%= @resource.application.name %>;
+    <% if @resource.set_host_header %>
+    proxy_set_header   Host             $host;
+    proxy_set_header   X-Real-IP        $remote_addr;
+    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+    <% end %>
   }
 }