Bug 843326

Summary: mod_wsgi on python-2.6 cartridge does not detect wsgi_url_scheme correctly
Product: OKD Reporter: Andrew Replogle <areplogl>
Component: ContainersAssignee: Rob Millner <rmillner>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 2.xCC: bmeng, kbarfiel, mfisher
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: devenv_1933 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-07 20:43:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Replogle 2012-07-26 03:41:43 UTC 
Description of problem:
When accessing a python cartridge via HTTPS, mod_wsgi does not seem to detect the HTTP_X_FORWARDED_PROTO as https as set the wsgi_url_scheme accordingly.

Version-Release number of selected component (if applicable):
python-2.6 cartridge and whatever version of mod_wsgi that entails.

How reproducible:
100%

Steps to Reproduce:
1.create a python-2.6 gear. 
2.access it via https
3.check wsgi_url_scheme value in the request
  
Actual results:
always returns 'http'

Expected results:
when using https, should return 'https'
when using http, should return 'http'

Additional info:
Comment 1 Rob Millner 2012-07-26 17:48:06 UTC 
The front-end Apache sets X-Forwarded-Proto before proxying to the wsgi server.  It must be getting filtered or reset at the back-end.
Comment 2 Andrew Replogle 2012-07-27 13:28:30 UTC 
I've posted on modwsgi to try and get some clarity on the expected behavior since I don't think double proxied / multi-web layers were taken into account during the initial wsgi spec design.

https://groups.google.com/forum/?fromgroups#!topic/modwsgi/Egi6pg7c2X8

I don't quite understand the response. Does it make sense to you?

Specifically: 

"to identify that proxy actually terminate https and not 
http."

I'm also poking around in mod_wsgi.c to see if I can get some clarity on what was designed to happen.
Comment 3 Rob Millner 2012-08-01 01:41:07 UTC 
Following the linked comment above works:
$ curl -k https://rmt2-rmillner0211.dev.rhcloud.com/env
...
wsgi.url_scheme: https
Comment 4 Rob Millner 2012-08-01 01:54:44 UTC 
Pull request submitted:
https://github.com/openshift/crankcase/pull/311
https://github.com/openshift/li/pull/157
Comment 5 Rob Millner 2012-08-01 18:33:57 UTC 
Pull request accepted.
Comment 6 Meng Bo 2012-08-02 06:09:43 UTC 
Checked on devenv_1933, issue has been fixed.

#curl -k https://py1-bmengdev.dev.rhcloud.com/env
...
HTTPS: 1
HTTP_X_FORWARDED_PROTO: https
...
wsgi.url_scheme: https
...

#curl -k http://py1-bmengdev.dev.rhcloud.com/env
...
HTTP_X_FORWARDED_PROTO: http
...
wsgi.url_scheme: http