Commit 985553a9 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop REMOTE_USER header

It is used internally for communication between backend and the server.
parent b40bb01a
...@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e ...@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in filename = templates/Caddyfile.in
md5sum = a5367cf68ccfb34b1171086882548cec md5sum = 2c3685356bef4b52fa2e654712e463cd
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
...@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = a0fcdbe974d92e220319534aad934183 md5sum = 25222f8a997bb26a6e3dfa2b7c41a103
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
md5sum = be76c0e96df722dee278077988d869a6 md5sum = 6e569282b05fa326d0e9aa6958cb6910
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
......
...@@ -5,9 +5,6 @@ ...@@ -5,9 +5,6 @@
# TODO-Caddy AddType application/x-compress .Z # TODO-Caddy AddType application/x-compress .Z
# TODO-Caddy AddType application/x-gzip .gz .tgz # TODO-Caddy AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
# TODO-Caddy RequestHeader unset REMOTE_USER
# TODO-Caddy <Directory {{ protected_path }}> # TODO-Caddy <Directory {{ protected_path }}>
# TODO-Caddy Order Deny,Allow # TODO-Caddy Order Deny,Allow
# TODO-Caddy Allow from {{ access_control_string }} # TODO-Caddy Allow from {{ access_control_string }}
......
...@@ -14,6 +14,9 @@ ...@@ -14,6 +14,9 @@
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# Rewrite part # Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} { proxy / {{ slave_parameter.get('backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
...@@ -31,6 +34,8 @@ ...@@ -31,6 +34,8 @@
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} ## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
proxy / {{ slave_parameter.get('https_backend_url', '') }} { proxy / {{ slave_parameter.get('https_backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
......
...@@ -45,6 +45,9 @@ ...@@ -45,6 +45,9 @@
{% if slave_type == 'zope' and backend_url -%} {% if slave_type == 'zope' and backend_url -%}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
...@@ -87,6 +90,9 @@ ...@@ -87,6 +90,9 @@
{% endif -%} {% endif -%}
{%- if backend_url %} {%- if backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
...@@ -135,6 +141,9 @@ ...@@ -135,6 +141,9 @@
} }
{% elif slave_type == 'zope' and backend_url -%} {% elif slave_type == 'zope' and backend_url -%}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
...@@ -173,6 +182,9 @@ ...@@ -173,6 +182,9 @@
{% endif -%} {% endif -%}
{%- if slave_parameter.get('url', '') %} {%- if slave_parameter.get('url', '') %}
proxy / {{ slave_parameter.get('url', '') }} { proxy / {{ slave_parameter.get('url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment