Commit e5aa26ed authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop REMOTE_USER header

It is used internally for communication between backend and the server.
parent c24e81d0
...@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 19322acbbb17eaca36a51ce1aec47230 md5sum = 113d1708520bca2ebbd72d84b440c37b
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
md5sum = 7a1fa1239f29cf1a3f6f578f6ff05ca3 md5sum = eafc7e73d7fe47ba9930343bcb876d63
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
......
...@@ -17,6 +17,9 @@ ...@@ -17,6 +17,9 @@
{%- endif %} {%- endif %}
# Rewrite part # Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} { proxy / {{ slave_parameter.get('backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
...@@ -37,6 +40,8 @@ ...@@ -37,6 +40,8 @@
{%- endif %} {%- endif %}
## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} ## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
proxy / {{ slave_parameter.get('https_backend_url', '') }} { proxy / {{ slave_parameter.get('https_backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
......
...@@ -48,6 +48,9 @@ ...@@ -48,6 +48,9 @@
{% if slave_type == 'zope' and backend_url %} {% if slave_type == 'zope' and backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
...@@ -91,6 +94,9 @@ ...@@ -91,6 +94,9 @@
{%- if backend_url %} {%- if backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
...@@ -142,6 +148,9 @@ ...@@ -142,6 +148,9 @@
} }
{% elif slave_type == 'zope' and backend_url %} {% elif slave_type == 'zope' and backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
...@@ -180,6 +189,9 @@ ...@@ -180,6 +189,9 @@
{% endif -%} {% endif -%}
{%- if slave_parameter.get('url', '') %} {%- if slave_parameter.get('url', '') %}
proxy / {{ slave_parameter.get('url', '') }} { proxy / {{ slave_parameter.get('url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif -%}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment