Redirects From Deployed HDS "http" Rather Than "https"
andponlin opened this issue · comments
Issuing...
curl -v -O "https://depot.haiku-os.org/__pkgicon/all.tar.gz"
...yields a redirect which is fine, but the redirect is to an http
URL rather than a secure https
URL. Because it redirects to http
, the reverse-proxy is then redirecting again to https
. If it redirected directly to https
then it would avoid the HaikuDepot application making another request back into the server for each download during startup which may be a (possibly minor) performance improvement.
i think you would need to see
and add a check there if original request used https
The Haiku server system is using NGINX to reverse proxy. HDS runs in the Jetty application-server and I suspect it is fed by NGINX although I am unsure where the nginx.conf
file really lives for this; probably not in the infrastructure project? In any case I need to verify that the correct protocol / scheme header is being relayed from the reverse-proxy back into the HDS application server. Here is the NGINX config for that;
proxy_set_header X-Forwarded-Proto $scheme;
Actually the Haiku server uses traefik, and it should by default add this header. Are you sure you are not getting it?
Thanks; I had assumed it wasn't coming in because it was not configured in the NGINX cfg but if it's another reverse proxy then I'll take a closer look at the application server end.