Fix OAuth failing when there's SSL termination (#9286)

Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2021-11-23 08:15:35 +05:30 · 2021-11-23 08:15:35 +05:30 · afeeb414dc
commit afeeb414dc
parent 842c47bee2
4 changed files with 28 additions and 9 deletions
--- a/deploy/ansible/appsmith_playbook/roles/generate_template/templates/nginx-app.conf.j2
+++ b/deploy/ansible/appsmith_playbook/roles/generate_template/templates/nginx-app.conf.j2
@ -1,3 +1,7 @@
+map $http_x_forwarded_proto $origin_scheme {
+    default $http_x_forwarded_proto;
+    '' $scheme;
+}

 server {
    listen 80;
@ -13,7 +17,7 @@
        root /var/www/certbot;
    }

-    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Proto $origin_scheme;
    proxy_set_header X-Forwarded-Host $host;

    location / {
@ -70,7 +74,7 @@
 {{ ssl_cmt }}    include /etc/letsencrypt/options-ssl-nginx.conf;
 {{ ssl_cmt }}    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

-{{ ssl_cmt }}    proxy_set_header X-Forwarded-Proto $scheme;
+{{ ssl_cmt }}    proxy_set_header X-Forwarded-Proto $origin_scheme;
 {{ ssl_cmt }}    proxy_set_header X-Forwarded-Host $host;

 {{ ssl_cmt }}    root /var/www/appsmith;
--- a/deploy/docker/templates/nginx_app.conf.sh
+++ b/deploy/docker/templates/nginx_app.conf.sh
@ -9,13 +9,18 @@ CUSTOM_DOMAIN="$2"
 SSL_CERT_PATH="/etc/letsencrypt/live/$CUSTOM_DOMAIN/fullchain.pem"
 SSL_KEY_PATH="/etc/letsencrypt/live/$CUSTOM_DOMAIN/privkey.pem"

-# In case of existing custom certificate, container will use them to configure SSL 
+# In case of existing custom certificate, container will use them to configure SSL
 if [[ -e "/appsmith-stacks/ssl/fullchain.pem" ]] && [[ -e "/appsmith-stacks/ssl/privkey.pem" ]]; then
  SSL_CERT_PATH="/appsmith-stacks/ssl/fullchain.pem"
  SSL_KEY_PATH="/appsmith-stacks/ssl/privkey.pem"
 fi

 cat <<EOF
+map $http_x_forwarded_proto $origin_scheme {
+  default $http_x_forwarded_proto;
+  '' $scheme;
+}
+
 server {
  listen 80;
 $NGINX_SSL_CMNT  server_name $CUSTOM_DOMAIN ;
@ -30,7 +35,7 @@ $NGINX_SSL_CMNT  server_name $CUSTOM_DOMAIN ;
    root /appsmith-stacks/data/certificate/certbot;
  }

-  proxy_set_header X-Forwarded-Proto \$scheme;
+  proxy_set_header X-Forwarded-Proto \$origin_scheme;
  proxy_set_header X-Forwarded-Host \$host;

  location / {
@ -91,7 +96,7 @@ $NGINX_SSL_CMNT
 $NGINX_SSL_CMNT    include /appsmith-stacks/data/certificate/conf/options-ssl-nginx.conf;
 $NGINX_SSL_CMNT    ssl_dhparam /appsmith-stacks/data/certificate/conf/ssl-dhparams.pem;
 $NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Proto \$scheme;
+$NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Proto \$origin_scheme;
 $NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Host \$host;
 $NGINX_SSL_CMNT
 $NGINX_SSL_CMNT    root /opt/appsmith/editor;
@ -134,7 +139,7 @@ $NGINX_SSL_CMNT
 $NGINX_SSL_CMNT    location /login {
 $NGINX_SSL_CMNT        proxy_pass http://localhost:8080;
 $NGINX_SSL_CMNT    }
-$NGINX_SSL_CMNT 
+$NGINX_SSL_CMNT
 $NGINX_SSL_CMNT	   location /socket.io {
 $NGINX_SSL_CMNT        proxy_pass http://localhost:8091;
 $NGINX_SSL_CMNT        proxy_http_version 1.1;
--- a/deploy/k8s/scripts/nginx-configmap.yaml
+++ b/deploy/k8s/scripts/nginx-configmap.yaml
@ -4,6 +4,11 @@ metadata:
  name: nginx-config-template
 data:
  nginx.conf.template: "
+  map $http_x_forwarded_proto $origin_scheme {
+    default $http_x_forwarded_proto;
+    '' $scheme;
+  }
+
  server {
    listen 80;
    client_max_body_size 100m;
@ -12,7 +17,7 @@ data:

    root /var/www/appsmith;

-    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Proto $origin_scheme;
    proxy_set_header X-Forwarded-Host $host;

    location / {
--- a/deploy/template/nginx_app.conf.sh
+++ b/deploy/template/nginx_app.conf.sh
@ -11,6 +11,11 @@ NGINX_SSL_CMNT="$1"
 custom_domain="$2"

 cat <<EOF
+map $http_x_forwarded_proto $origin_scheme {
+  default $http_x_forwarded_proto;
+  '' $scheme;
+}
+
 server {
    listen 80;
 $NGINX_SSL_CMNT    server_name $custom_domain ;
@ -25,7 +30,7 @@ $NGINX_SSL_CMNT    server_name $custom_domain ;
        root /var/www/certbot;
    }

-    proxy_set_header X-Forwarded-Proto \$scheme;
+    proxy_set_header X-Forwarded-Proto \$origin_scheme;
    proxy_set_header X-Forwarded-Host \$host;

    location / {
@ -83,7 +88,7 @@ $NGINX_SSL_CMNT
 $NGINX_SSL_CMNT    include /etc/letsencrypt/options-ssl-nginx.conf;
 $NGINX_SSL_CMNT    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 $NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Proto \$scheme;
+$NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Proto \$origin_scheme;
 $NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Host \$host;
 $NGINX_SSL_CMNT
 $NGINX_SSL_CMNT    root /var/www/appsmith;