From f1b488ea55c036931d14e6b0df6ed711e3189212 Mon Sep 17 00:00:00 2001
From: James Moger
Date: Thu, 2 Aug 2012 19:39:35 -0400
Subject: [PATCH] Support for X-Forwarded-Proto and X-Forwarded-Port (issue 115)
---
 docs/01_setup.mkd | 4 +++
 docs/04_releases.mkd | 1 +
 src/com/gitblit/utils/HttpUtils.java | 43 +++++++++++++++++++++++++---
 3 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/docs/01_setup.mkd b/docs/01_setup.mkd
index 6d6f7271..6558207a 100644
--- a/docs/01_setup.mkd
+++ b/docs/01_setup.mkd
@@ -156,6 +156,10 @@ ProxyPreserveHost On
 # If your httpd frontend is https but you are proxying http Gitblit WAR or GO
 #Header edit Location ^http://([^⁄]+)/gitblit/ https://$1/gitblit/
+# Additionally you will want to tell Gitblit the original scheme and port
+#Header set X-Forwarded-Proto https
+#Header set X-Forwarded-Port 443
+
 #ProxyPass /gitblit ajp://localhost:8009/gitblit
 %ENDCODE%
 **Please** make sure to:
diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index 4e4ee99f..fd50ea57 100644
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -11,6 +11,7 @@ If you are updating from an 0.9.x release AND you have indexed branches with the
 #### fixes
+- Repository URL uses `X-Forwarded-Proto` and `X-Forwarded-Port`, if available, for reverse proxy configurations (issue 115)
 - Fixes to relative path determination in repository searh algorithm for symlinks (issue 116)
 - Output real RAW content, not simulated RAW content (issue 114)
 - Fixed Lucene charset encoding bug when reindexing a repository (issue 112)
diff --git a/src/com/gitblit/utils/HttpUtils.java b/src/com/gitblit/utils/HttpUtils.java
index 079d1a6b..3903f8c7 100644
--- a/src/com/gitblit/utils/HttpUtils.java
+++ b/src/com/gitblit/utils/HttpUtils.java
@@ -32,13 +32,48 @@ public class HttpUtils {
 * @return the host url
 */
 public static String getGitblitURL(HttpServletRequest request) {
+ // default to the request scheme and port
+ String scheme = request.getScheme();
+ int port = request.getServerPort();
+
+ // try to use reverse-proxy server's port
+ String forwardedPort = request.getHeader("X-Forwarded-Port");
+ if (StringUtils.isEmpty(forwardedPort)) {
+ forwardedPort = request.getHeader("X_Forwarded_Port");
+ }
+ if (!StringUtils.isEmpty(forwardedPort)) {
+ // reverse-proxy server has supplied the original port
+ try {
+ port = Integer.parseInt(forwardedPort);
+ } catch (Throwable t) {
+ }
+ }
+
+ // try to use reverse-proxy server's scheme
+ String forwardedScheme = request.getHeader("X-Forwarded-Proto");
+ if (StringUtils.isEmpty(forwardedScheme)) {
+ forwardedScheme = request.getHeader("X_Forwarded_Proto");
+ }
+ if (!StringUtils.isEmpty(forwardedScheme)) {
+ // reverse-proxy server has supplied the original scheme
+ scheme = forwardedScheme;
+
+ if ("https".equals(scheme) && port == 80) {
+ // proxy server is https, inside server is 80
+ // this is likely because the proxy server has not supplied
+ // x-forwarded-port. since 80 is almost definitely wrong,
+ // make an educated guess that 443 is correct.
+ port = 443;
+ }
+ }
+
 StringBuilder sb = new StringBuilder();
- sb.append(request.getScheme());
+ sb.append(scheme);
 sb.append("://");
 sb.append(request.getServerName());
- if ((request.getScheme().equals("http") && request.getServerPort() != 80)
- || (request.getScheme().equals("https") && request.getServerPort() != 443)) {
- sb.append(":" + request.getServerPort());
+ if (("http".equals(scheme) && port != 80)
+ || ("https".equals(scheme) && port != 443)) {
+ sb.append(":" + port);
 }
 sb.append(request.getContextPath());
 return sb.toString();
-- 
2.39.5
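Review bot: The forwarded values are used without validation: whatever a client sends in `X-Forwarded-Proto` becomes the scheme of the generated URL through `scheme = forwardedScheme;`, and any integer in `X-Forwarded-Port`, negative or above 65535 included, becomes the port. Unless the fronting proxy overwrites these request headers, which cannot be seen from this hunk, a direct or pass-through client controls part of every URL built by getGitblitURL, so the scheme should be limited to http/https and the port range-checked as in the sketch below. The empty `catch (Throwable t) { }` also hides failures unrelated to parsing; `NumberFormatException` is the only one `Integer.parseInt` is expected to raise here. The setup doc in this commit suggests `Header set`, which in Apache httpd acts on response headers; overwriting what the client sent would need `RequestHeader set`. The method's closing brace lies outside the hunk.

```java
public static String getGitblitURL(HttpServletRequest request) {
	// … unchanged: defaults from the request, X-Forwarded-Port header lookup …
	if (!StringUtils.isEmpty(forwardedPort)) {
		try {
			int candidate = Integer.parseInt(forwardedPort);
			// ignore values that cannot be a TCP port
			if (candidate > 0 && candidate <= 65535) {
				port = candidate;
			}
		} catch (NumberFormatException e) {
			// malformed header: keep the port reported by the container
		}
	}
	// … unchanged: X-Forwarded-Proto header lookup …
	if ("http".equalsIgnoreCase(forwardedScheme) || "https".equalsIgnoreCase(forwardedScheme)) {
		// accept only the two schemes, normalised to lower case
		scheme = "https".equalsIgnoreCase(forwardedScheme) ? "https" : "http";
		// … unchanged: 80 -> 443 guess for https …
	}
	// … unchanged: URL assembly with StringBuilder …
```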