diff options
author | Joshua Kwan <kwan@schrodinger.com> | 2014-12-15 20:06:24 -0500 |
---|---|---|
committer | Joshua Kwan <kwan@schrodinger.com> | 2014-12-15 20:06:24 -0500 |
commit | e96011262a7290d53492656302e557aee66d6c56 (patch) | |
tree | 3598d4d032b096f6fc5b0126009c98dfc807c19a /lib | |
parent | 8788aa9da7f3c420bcab8d001208d4cb2cfc4883 (diff) | |
download | chef-zero-e96011262a7290d53492656302e557aee66d6c56.tar.gz |
Make ChefZero aware of load balancers
We have some complex reasons to hide a ChefZero behind an nginx proxy.
One problem that suddenly arose with this is that URLs returned by
posting to /environment/foo/cookbook_versions use the protocol of the
internal webrick which is always plain http. This causes the chef client
to retrieve these urls on the https port but with an encrypted payload.
Support this situation by using the HTTP_X_FORWARDED_PROTO CGI variable
if it is available.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef_zero/rest_request.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/chef_zero/rest_request.rb b/lib/chef_zero/rest_request.rb index e79af7f..36a7d0a 100644 --- a/lib/chef_zero/rest_request.rb +++ b/lib/chef_zero/rest_request.rb @@ -11,7 +11,13 @@ module ChefZero attr_accessor :rest_base_prefix def base_uri - @base_uri ||= "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}#{env['SCRIPT_NAME']}" + # Load balancer awareness + if env['HTTP_X_FORWARDED_PROTO'] + scheme = env['HTTP_X_FORWARDED_PROTO'] + else + scheme = env['rack.url_scheme'] + end + @base_uri ||= "#{scheme}://#{env['HTTP_HOST']}#{env['SCRIPT_NAME']}" end def base_uri=(value) |