You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to run Puma behind a service that is unfortunately not passing down HTTP_X_FORWARDED headers. We also need to run Puma on a port other than port 443 and not in SSL mode, while the frontend service handles the SSL.
This has caused a problem within Puma where redirects generated by Rails (notably on session create) use http rather than https and this is confusing clients and the frontend service.
The only way I can find in Puma itself to set Rack's url scheme is with this line in lib/puma/request.rb:
Following the thread, default_server_port checks if Puma is running in SSL mode, then checks if the X_FORWARDED headers are there, returning PORT_443 in this case, otherwise PORT_80. To work around this I have monkey patched default_server_port to return PORT_443 in our environment regardless.
It would be great to be able to more explicitly control the Rack url scheme, and I suggest that the port assumptions here could do with refactoring for environments where Puma is running on a custom port (neither 443 or 80).
If there's some other way to achieve what I'm trying to achieve or if I've missed some configuration option, please let me know.
The text was updated successfully, but these errors were encountered:
Makes sense, as the frontend really defines this. I think adding a config option, and, if it's not set, the current setting (as shown above) will be used. I'll post a PR soon...
We need to run Puma behind a service that is unfortunately not passing down
HTTP_X_FORWARDED
headers. We also need to run Puma on a port other than port 443 and not in SSL mode, while the frontend service handles the SSL.This has caused a problem within Puma where redirects generated by Rails (notably on session create) use
http
rather thanhttps
and this is confusing clients and the frontend service.The only way I can find in Puma itself to set Rack's url scheme is with this line in
lib/puma/request.rb
:env[RACK_URL_SCHEME] = default_server_port(env) == PORT_443 ? HTTPS : HTTP
Following the thread,
default_server_port
checks if Puma is running in SSL mode, then checks if theX_FORWARDED
headers are there, returningPORT_443
in this case, otherwisePORT_80
. To work around this I have monkey patcheddefault_server_port
to returnPORT_443
in our environment regardless.It would be great to be able to more explicitly control the Rack url scheme, and I suggest that the port assumptions here could do with refactoring for environments where Puma is running on a custom port (neither 443 or 80).
If there's some other way to achieve what I'm trying to achieve or if I've missed some configuration option, please let me know.
The text was updated successfully, but these errors were encountered: