Commit 985553a9 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop REMOTE_USER header

It is used internally for communication between backend and the server.
parent b40bb01a
......@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-caddy-frontend-configuration]
filename = templates/Caddyfile.in
md5sum = a5367cf68ccfb34b1171086882548cec
md5sum = 2c3685356bef4b52fa2e654712e463cd
[template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
......@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = a0fcdbe974d92e220319534aad934183
md5sum = 25222f8a997bb26a6e3dfa2b7c41a103
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
md5sum = be76c0e96df722dee278077988d869a6
md5sum = 6e569282b05fa326d0e9aa6958cb6910
[template-log-access]
filename = templates/template-log-access.conf.in
......
......@@ -5,9 +5,6 @@
# TODO-Caddy AddType application/x-compress .Z
# TODO-Caddy AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
# TODO-Caddy RequestHeader unset REMOTE_USER
# TODO-Caddy <Directory {{ protected_path }}>
# TODO-Caddy Order Deny,Allow
# TODO-Caddy Allow from {{ access_control_string }}
......
......@@ -14,6 +14,9 @@
bind {{ local_ipv4 }}
# Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent
timeout 600s
{%- if ssl_proxy_verify %}
......@@ -31,6 +34,8 @@
bind {{ local_ipv4 }}
## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
proxy / {{ slave_parameter.get('https_backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent
timeout 600s
{%- if ssl_proxy_verify %}
......
......@@ -45,6 +45,9 @@
{% if slave_type == 'zope' and backend_url -%}
proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
......@@ -87,6 +90,9 @@
{% endif -%}
{%- if backend_url %}
proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
......@@ -135,6 +141,9 @@
}
{% elif slave_type == 'zope' and backend_url -%}
proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
......@@ -173,6 +182,9 @@
{% endif -%}
{%- if slave_parameter.get('url', '') %}
proxy / {{ slave_parameter.get('url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment