Support for X-Forwarded-Proto and X-Forwarded-Port (issue 115)

diff --git a/docs/01_setup.mkd b/docs/01_setup.mkd
index 6d6f7271210805e8bfd6961121f78e4159f63b65..6558207ad75cec3911b2b739b4fb574acdd46777 100644 (file)
--- a/docs/01_setup.mkd
+++ b/docs/01_setup.mkd
@@ -156,6 +156,10 @@ ProxyPreserveHost On
 # If your httpd frontend is https but you are proxying http Gitblit WAR or GO\r
 #Header edit Location ^http://([^⁄]+)/gitblit/ https://$1/gitblit/\r
 \r
+# Additionally you will want to tell Gitblit the original scheme and port\r
+#Header set X-Forwarded-Proto https\r
+#Header set X-Forwarded-Port 443\r
+\r
 #ProxyPass /gitblit ajp://localhost:8009/gitblit\r
 %ENDCODE%  \r
 **Please** make sure to:  \r

diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index 4e4ee99f91f9d70d708659dd69db1dfc17488aab..fd50ea57ce25cbd89ea80ea66a088c945fe6de88 100644 (file)
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -11,6 +11,7 @@ If you are updating from an 0.9.x release AND you have indexed branches with the
 \r
 #### fixes\r
 \r
+- Repository URL uses `X-Forwarded-Proto` and `X-Forwarded-Port`, if available, for reverse proxy configurations (issue 115)\r
 - Fixes to relative path determination in repository searh algorithm for symlinks (issue 116)\r
 - Output real RAW content, not simulated RAW content (issue 114)\r
 - Fixed Lucene charset encoding bug when reindexing a repository (issue 112)\r

diff --git a/src/com/gitblit/utils/HttpUtils.java b/src/com/gitblit/utils/HttpUtils.java
index 079d1a6bac0ba716315bb75d76f5c7d41e1dc572..3903f8c73ec0d1a4efc1b53fe6ab347b44986c1d 100644 (file)
--- a/src/com/gitblit/utils/HttpUtils.java
+++ b/src/com/gitblit/utils/HttpUtils.java
@@ -32,13 +32,48 @@ public class HttpUtils {
         * @return the host url\r
         */\r
        public static String getGitblitURL(HttpServletRequest request) {\r
+               // default to the request scheme and port\r
+               String scheme = request.getScheme();\r
+               int port = request.getServerPort();\r
+\r
+               // try to use reverse-proxy server's port\r
+        String forwardedPort = request.getHeader("X-Forwarded-Port");\r
+        if (StringUtils.isEmpty(forwardedPort)) {\r
+               forwardedPort = request.getHeader("X_Forwarded_Port");\r
+        }\r
+        if (!StringUtils.isEmpty(forwardedPort)) {\r
+               // reverse-proxy server has supplied the original port\r
+               try {\r
+                       port = Integer.parseInt(forwardedPort);\r
+               } catch (Throwable t) {\r
+               }\r
+        }\r
+        \r
+               // try to use reverse-proxy server's scheme\r
+        String forwardedScheme = request.getHeader("X-Forwarded-Proto");\r
+        if (StringUtils.isEmpty(forwardedScheme)) {\r
+               forwardedScheme = request.getHeader("X_Forwarded_Proto");\r
+        }\r
+        if (!StringUtils.isEmpty(forwardedScheme)) {\r
+               // reverse-proxy server has supplied the original scheme\r
+               scheme = forwardedScheme;\r
+               \r
+               if ("https".equals(scheme) && port == 80) {\r
+                       // proxy server is https, inside server is 80\r
+                       // this is likely because the proxy server has not supplied\r
+                       // x-forwarded-port. since 80 is almost definitely wrong,\r
+                       // make an educated guess that 443 is correct.\r
+                       port = 443;\r
+               }\r
+        }\r
+        \r
                StringBuilder sb = new StringBuilder();\r
-               sb.append(request.getScheme());\r
+               sb.append(scheme);\r
                sb.append("://");\r
                sb.append(request.getServerName());\r
-               if ((request.getScheme().equals("http") && request.getServerPort() != 80)\r
-                               || (request.getScheme().equals("https") && request.getServerPort() != 443)) {\r
-                       sb.append(":" + request.getServerPort());\r
+               if (("http".equals(scheme) && port != 80)\r
+                               || ("https".equals(scheme) && port != 443)) {\r
+                       sb.append(":" + port);\r
                }\r
                sb.append(request.getContextPath());\r
                return sb.toString();\r