Bug 843326 - mod_wsgi on python-2.6 cartridge does not detect wsgi_url_scheme correctly
mod_wsgi on python-2.6 cartridge does not detect wsgi_url_scheme correctly
Status: CLOSED CURRENTRELEASE
Product: OpenShift Origin
Classification: Red Hat
Component: Containers (Show other bugs)
2.x
Unspecified Unspecified
low Severity low
: ---
: ---
Assigned To: Rob Millner
libra bugs
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-25 23:41 EDT by Andrew Replogle
Modified: 2015-05-14 18:57 EDT (History)
3 users (show)

See Also:
Fixed In Version: devenv_1933
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-07 16:43:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Replogle 2012-07-25 23:41:43 EDT
Description of problem:
When accessing a python cartridge via HTTPS, mod_wsgi does not seem to detect the HTTP_X_FORWARDED_PROTO as https as set the wsgi_url_scheme accordingly.

Version-Release number of selected component (if applicable):
python-2.6 cartridge and whatever version of mod_wsgi that entails.

How reproducible:
100%

Steps to Reproduce:
1.create a python-2.6 gear. 
2.access it via https
3.check wsgi_url_scheme value in the request
  
Actual results:
always returns 'http'

Expected results:
when using https, should return 'https'
when using http, should return 'http'

Additional info:
Comment 1 Rob Millner 2012-07-26 13:48:06 EDT
The front-end Apache sets X-Forwarded-Proto before proxying to the wsgi server.  It must be getting filtered or reset at the back-end.
Comment 2 Andrew Replogle 2012-07-27 09:28:30 EDT
I've posted on modwsgi to try and get some clarity on the expected behavior since I don't think double proxied / multi-web layers were taken into account during the initial wsgi spec design.

https://groups.google.com/forum/?fromgroups#!topic/modwsgi/Egi6pg7c2X8

I don't quite understand the response. Does it make sense to you?

Specifically: 

"to identify that proxy actually terminate https and not 
http."

I'm also poking around in mod_wsgi.c to see if I can get some clarity on what was designed to happen.
Comment 3 Rob Millner 2012-07-31 21:41:07 EDT
Following the linked comment above works:
$ curl -k https://rmt2-rmillner0211.dev.rhcloud.com/env
...
wsgi.url_scheme: https
Comment 4 Rob Millner 2012-07-31 21:54:44 EDT
Pull request submitted:
https://github.com/openshift/crankcase/pull/311
https://github.com/openshift/li/pull/157
Comment 5 Rob Millner 2012-08-01 14:33:57 EDT
Pull request accepted.
Comment 6 Meng Bo 2012-08-02 02:09:43 EDT
Checked on devenv_1933, issue has been fixed.

#curl -k https://py1-bmengdev.dev.rhcloud.com/env
...
HTTPS: 1
HTTP_X_FORWARDED_PROTO: https
...
wsgi.url_scheme: https
...

#curl -k http://py1-bmengdev.dev.rhcloud.com/env
...
HTTP_X_FORWARDED_PROTO: http
...
wsgi.url_scheme: http

Note You need to log in before you can comment on or make changes to this bug.