We are in the process of updating our dependencies. We recently updated spring-boot from 2.4.4 to 2.5.9.
Since then, we cannot test a portion of our functionality locally. This involves a custom domain passed using proxies. We have the following setup locally:
**Nginx proxy** (local.alavoie.mytestdomain.com which points to 127.0.0.1 listening on 443)
|
|
**NPM app** with proxy table (listening on 0.0.0.0 8080)
|
|
**Spring-boot app** (listening on 0.0.0.0 8081)
When we use `request.getServerName()`, it now returns `localhost` instead of the URL provided, `local.alavoie.mytestdomain.com`.
From my investigation, the issue starts as soon as I update to spring-boot 2.5.x. All versions of 2.4.x are working.
The updated Tomcat dependency does not give any problems. From what I could find, the RemoteIpValve does not get added to the Tomcat engine pipeline for the request.
Here is my nginx config
```nginx
# configuration file /usr/local/etc/nginx/nginx.conf:
#worker_processes 1;
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        server_name *.alavoie.mytestdomain.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        client_max_body_size 5G;
        ssl_certificate /users/alavoie/ssl/certificate.pem;
        ssl_certificate_key /users/alavoie/ssl/key.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        add_header Strict-Transport-Security "max-age=63072000" always;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass http://localhost:8081;
            proxy_read_timeout 90;
        }
    }
    # General settings
    #
    access_log off;
    server_tokens off;
    ##
    # Proxy settings
    #
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 100 128k;
    proxy_headers_hash_bucket_size 128;
    ##
    # gzip settings
    #
    gzip on;
    gzip_disable "msie6";
}
```
Here is our npm proxy table.
```js
'use strict'
// Template version: 1.2.5
// see http://vuejs-templates.github.io/webpack for documentation.
const path = require('path')
module.exports = {
  dev: {
    // Paths
    assetsSubDirectory: 'static',
    assetsPublicPath: '/',
    proxyTable: {
      '/rest/**': {
        target: 'http://localhost:8080',
        logLevel: 'debug'
      },
      '/api/**': 'http://localhost:8080',
      '/assets/**': 'http://localhost:8080',
      '/auth/*': {
        target: 'http://localhost:8080',
        changeOrigin: true,
        logLevel: 'debug'
      },
      '/login/twofactor': {
        target: 'http://localhost:8080',
        changeOrigin: true,
        logLevel: 'debug'
      },
      '/socket': {
        target: 'ws://localhost:8080',
        ws: true,
      },
    },
    // Various Dev Server settings
    host: '0.0.0.0', // can be overwritten by process.env.HOST
    port: 8081, // can be overwritten by process.env.PORT, if port is in use, a free one will be determined
    autoOpenBrowser: false,
    errorOverlay: true,
    notifyOnErrors: true,
    poll: false, // https://webpack.js.org/configuration/dev-server/#devserver-watchoptions-
    // Use Eslint Loader?
    // If true, your code will be linted during bundling and
    // linting errors and warnings will be shown in the console.
    useEslint: true,
    // If true, eslint errors and warnings will also be shown in the error overlay
    // in the browser.
    showEslintErrorsInOverlay: false,
    /**
     * Source Maps
     */
    // https://webpack.js.org/configuration/devtool/#development
    devtool: 'eval-source-map',
    // If you have problems debugging vue-files in devtools,
    // set this to false - it *may* help
    // https://vue-loader.vuejs.org/en/options.html#cachebusting
    cacheBusting: true,
    // CSS Sourcemaps off by default because relative paths are "buggy"
    // with this option, according to the CSS-Loader README
    // (https://github.com/webpack/css-loader#sourcemaps)
    // In our experience, they generally work as expected,
    // just be aware of this issue when enabling this option.
    cssSourceMap: false,
  },
  build: {
    // Template for index.html
    index: path.resolve(__dirname, '../dist/index.html'),
    // Paths
    assetsRoot: path.resolve(__dirname, '../dist'),
    assetsSubDirectory: 'static',
    assetsPublicPath: '/',
    /**
     * Source Maps
     */
    productionSourceMap: true,
    // https://webpack.js.org/configuration/devtool/#production
    devtool: '#source-map',
    // Gzip off by default as many popular static hosts such as
    // Surge or Netlify already gzip all static assets for you.
    // Before setting to `true`, make sure to:
    // npm install --save-dev compression-webpack-plugin
    productionGzip: false,
    productionGzipExtensions: ['js', 'css'],
    // Run the build command with an extra argument to
    // View the bundle analyzer report after build finishes:
    // `npm run build --report`
    // Set to `true` or `false` to always turn it on or off
    bundleAnalyzerReport: process.env.npm_config_report
  }
}
```
I am running everything on a Mac. Can anyone help me figure out what we are doing wrong?
CodePudding user response:
If running behind a front-end server and proxy, use forwarded headers, which provide information on the initial request.
For your configuration set:
server.forward-headers-strategy=NATIVE
OR
server.forward-headers-strategy=FRAMEWORK
ref: https://docs.spring.io/spring-boot/docs/current/reference/html/howto.html cap 3.12.
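As an added example (not part of the answer above), this is how the NATIVE strategy can be spelled out in `application.properties` so that Tomcat's RemoteIpValve reads the headers the nginx config in the question sets and honours them only from a loopback peer. The property names are Spring Boot's; the loopback-only value is an assumption that nginx and the dev proxy run on the same machine as the application, as in the question.

```properties
# Let the embedded Tomcat handle X-Forwarded-* through its RemoteIpValve.
# (FRAMEWORK would instead register Spring's ForwardedHeaderFilter, which
# applies the headers without checking which peer sent them.)
server.forward-headers-strategy=native

# Header names matching the proxy_set_header lines in the nginx config.
server.tomcat.remoteip.remote-ip-header=X-Forwarded-For
server.tomcat.remoteip.protocol-header=X-Forwarded-Proto
server.tomcat.remoteip.host-header=X-Forwarded-Host

# Only a directly connected peer matching this regex is treated as a
# trusted proxy; forwarded headers from any other peer are ignored.
# Assumption: every proxy hop is local, so loopback is the only trusted
# source (narrower than the default, which also matches private ranges).
server.tomcat.remoteip.internal-proxies=127\\.0\\.0\\.1|0:0:0:0:0:0:0:1|::1
```

With this in place, `request.getServerName()` reflects `X-Forwarded-Host` only for requests that arrive through the local proxy chain; a request sent straight to the application port from another host keeps the server name from its own `Host` header.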