Make ChefZero aware of load balancers

We have some complex reasons to hide a ChefZero behind an nginx proxy. One problem that suddenly arose with this is that URLs returned by posting to /environment/foo/cookbook_versions use the protocol of the internal webrick which is always plain http. This causes the chef client to retrieve these urls on the https port but with an encrypted payload. Support this situation by using the HTTP_X_FORWARDED_PROTO CGI variable if it is available.
author: Joshua Kwan <kwan@schrodinger.com> 2014-12-15 20:06:24 -0500
committer: Joshua Kwan <kwan@schrodinger.com> 2014-12-15 20:06:24 -0500
commit: e96011262a7290d53492656302e557aee66d6c56 (patch)
tree: 3598d4d032b096f6fc5b0126009c98dfc807c19a
parent: 8788aa9da7f3c420bcab8d001208d4cb2cfc4883 (diff)
download: chef-zero-e96011262a7290d53492656302e557aee66d6c56.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/chef_zero/rest_request.rb b/lib/chef_zero/rest_request.rb
index e79af7f..36a7d0a 100644
--- a/lib/chef_zero/rest_request.rb
+++ b/lib/chef_zero/rest_request.rb
@@ -11,7 +11,13 @@ module ChefZero
     attr_accessor :rest_base_prefix
 
     def base_uri
-      @base_uri ||= "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}#{env['SCRIPT_NAME']}"
+      # Load balancer awareness
+      if env['HTTP_X_FORWARDED_PROTO']
+        scheme = env['HTTP_X_FORWARDED_PROTO']
+      else
+        scheme = env['rack.url_scheme']
+      end
+      @base_uri ||= "#{scheme}://#{env['HTTP_HOST']}#{env['SCRIPT_NAME']}"
     end
 
     def base_uri=(value)
author	Joshua Kwan <kwan@schrodinger.com>	2014-12-15 20:06:24 -0500
committer	Joshua Kwan <kwan@schrodinger.com>	2014-12-15 20:06:24 -0500
commit	e96011262a7290d53492656302e557aee66d6c56 (patch)
tree	3598d4d032b096f6fc5b0126009c98dfc807c19a
parent	8788aa9da7f3c420bcab8d001208d4cb2cfc4883 (diff)
download	chef-zero-e96011262a7290d53492656302e557aee66d6c56.tar.gz