Opened 7 years ago
Closed 7 years ago
#5546 closed defect (wontfix)
Server hardly hostable behind nginx proxy_pass and https
| Reported by: | microjoe | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | programming | Keywords: | |
| Cc: | Parent Tickets: |
Description
I am currently hosting my GMG instance behind a nginx proxy using the following line:
proxy_pass http://localhost:6543;
Since the fastcgi configuration is totally not working (flup errors) this is currently the only way I have to host my GMG. It is behind a secured nginx server with letsencrypt support. However API URLs are returning http://localhost:6543/api/... urls because GMG does not know it is behind a proxy.
I managed to make everything work with the following nginx config:
location /
{
proxy_pass http://127.0.0.1:6543;
proxy_set_header Host $host;
}
And this modification in app.py in order to enforce https:
request.environ['wsgi.url_scheme'] = 'https'
However this is hacky. I am not familiar enough with wsgi stuff to propose a patch but hosting via proxy should be way simpler than this hacking. Maybe propose new configuration parameters such as ENFORCE_HTTPS or stuff.
Proposed solution by ayleph on IRC is to use uwsgi instead of fastcgi. See for example this blogpost: http://nathanielca.se/fossrit/deploying-mediagoblin-1-fastcgi-vs-uwsgi.html
I am going to propose a patch for uwsgi script starter so that it is simple to start a uwsgi server.
The solution to this issue is: do NOT use simpleserver.sh if behind a proxy. Use uwsgi instead.