From d6b4cb5f1965f6f28baafdb8ac27d2117464c277 Mon Sep 17 00:00:00 2001
From: Shrikant Sharat Kandula <shrikant@appsmith.com>
Date: Fri, 14 Oct 2022 06:30:27 +0530
Subject: [PATCH] Fix X-Forwarded-Host with multiple rev-proxies (#16951)

---
 .../nginx/nginx-app-http.conf.template.sh     | 18 ++++++----
 .../nginx/nginx-app-https.conf.template.sh    | 34 +++++++++++--------
 2 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh b/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
index f5a72ebdc8..9ef9ac6306 100644
--- a/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
+++ b/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
@@ -13,6 +13,12 @@ map \$http_x_forwarded_proto \$origin_scheme {
   default \$http_x_forwarded_proto;
   '' \$scheme;
 }
+
+map \$http_x_forwarded_host \$origin_host {
+  default \$http_x_forwarded_host;
+  '' \$host;
+}
+
 # redirect log to stdout for supervisor to capture
 access_log /dev/stdout;
 
@@ -48,11 +54,11 @@ server {
     proxy_max_temp_file_size 0;
     proxy_redirect     off;
 
-    proxy_set_header  Host             	\$http_host/supervisor/;
-    proxy_set_header  X-Forwarded-For  	\$proxy_add_x_forwarded_for;
-    proxy_set_header 	X-Forwarded-Proto \$scheme;
-    proxy_set_header 	X-Forwarded-Host 	\$http_host;
-    proxy_set_header  Connection       "";
+    proxy_set_header  Host              \$http_host/supervisor/;
+    proxy_set_header  X-Forwarded-For   \$proxy_add_x_forwarded_for;
+    proxy_set_header  X-Forwarded-Proto \$origin_scheme;
+    proxy_set_header  X-Forwarded-Host  \$origin_host;
+    proxy_set_header  Connection        "";
 
     proxy_pass http://localhost:9001/;
 
@@ -61,7 +67,7 @@ server {
   }
 
   proxy_set_header X-Forwarded-Proto \$origin_scheme;
-  proxy_set_header X-Forwarded-Host \$host;
+  proxy_set_header X-Forwarded-Host  \$origin_host;
 
   location / {
     try_files \$uri /index.html =404;
diff --git a/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh b/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
index 32f2887737..8028b37e0a 100644
--- a/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
+++ b/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
@@ -19,6 +19,12 @@ map \$http_x_forwarded_proto \$origin_scheme {
   default \$http_x_forwarded_proto;
   '' \$scheme;
 }
+
+map \$http_x_forwarded_host \$origin_host {
+  default \$http_x_forwarded_host;
+  '' \$host;
+}
+
 # redirect log to stdout for supervisor to capture
 access_log /dev/stdout;
 
@@ -47,23 +53,23 @@ server {
   }
 
   location /supervisor/ {
-      proxy_http_version 1.1;
-      proxy_buffering    off;
-      proxy_max_temp_file_size 0;
-      proxy_redirect    off;
-      proxy_set_header  Host             \$http_host/supervisor/;
-      proxy_set_header  X-Real-IP        \$remote_addr;
-      proxy_set_header  X-Forwarded-For  \$proxy_add_x_forwarded_for;
-      proxy_set_header 	X-Forwarded-Proto \$origin_scheme;
-      proxy_set_header 	X-Forwarded-Host \$http_host;
-      proxy_set_header   Connection       "";
-      proxy_pass http://localhost:9001/;
-      auth_basic "Protected";
-      auth_basic_user_file /etc/nginx/passwords;
+    proxy_http_version 1.1;
+    proxy_buffering    off;
+    proxy_max_temp_file_size 0;
+    proxy_redirect    off;
+    proxy_set_header  Host              \$http_host/supervisor/;
+    proxy_set_header  X-Real-IP         \$remote_addr;
+    proxy_set_header  X-Forwarded-For   \$proxy_add_x_forwarded_for;
+    proxy_set_header  X-Forwarded-Proto \$origin_scheme;
+    proxy_set_header  X-Forwarded-Host  \$origin_host;
+    proxy_set_header  Connection        "";
+    proxy_pass http://localhost:9001/;
+    auth_basic "Protected";
+    auth_basic_user_file /etc/nginx/passwords;
   }
 
   proxy_set_header X-Forwarded-Proto \$origin_scheme;
-  proxy_set_header X-Forwarded-Host \$host;
+  proxy_set_header X-Forwarded-Host \$origin_host;
 
   client_max_body_size 100m;