First step in debugging proxy trust issue

southlondonmakerspace · Apr 30, 2018 · 1bc0293 · 1bc0293
1 parent 8a6238c
commit 1bc0293
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 1 deletion.
diff --git a/app.js b/app.js
@@ -50,6 +50,10 @@ app.set( 'views', __views );
 app.set( 'view engine', 'pug' );
 app.set( 'view cache', false );
 
+// Set reverse proxy trust (see http://expressjs.com/en/guide/behind-proxies.html)
+// default to false
+app.set( 'trust proxy', config.reverseProxyTrust || false )
+
 // Load apps
 app_loader( app );
 

diff --git a/config/example-config.json b/config/example-config.json
@@ -38,5 +38,6 @@
 	"iterations": 50000,
 	"dev": true,
 	"log": "/var/log/membership.log",
-	"logStdout": false
+	"logStdout": false,
+	"reverseProxyTrust":"loopback"
 }
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -14,3 +14,8 @@ services:
      image: ministryofjustice/mailcatcher
      ports:
        - "1080:1080"
+   proxy:
+     image: nginx
+     build: ./nginx/
+     ports:
+       - "8080:8080"
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -0,0 +1,2 @@
+FROM nginx
+COPY membership.conf /etc/nginx/conf.d/membership.conf
diff --git a/nginx/membership.conf b/nginx/membership.conf
@@ -0,0 +1,11 @@
+server {
+  server_name localhost;
+  listen 8080;
+  location / {
+    proxy_set_header HOST $host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass  http://membership:3001;
+  }
+}
diff --git a/readme.md b/readme.md
@@ -53,3 +53,6 @@ Stub out your app structure within `app/`, this will include:
 
 
 Check out these files to get an idea of how each of these should be structure.
+
+## Reverse proxy
+If running behind a reverse proxy, you should configure your proxy to add the `X-Forwarded-*` headers (see [nginx documentation](https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/)), and also set reverseProxyTrust variable in `config/config.json`
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		FROM nginx
		COPY membership.conf /etc/nginx/conf.d/membership.conf
Original file line number	Diff line number	Diff line change
Expand Up		@@ -53,3 +53,6 @@ Stub out your app structure within `app/`, this will include:


		Check out these files to get an idea of how each of these should be structure.

		## Reverse proxy
		If running behind a reverse proxy, you should configure your proxy to add the `X-Forwarded-*` headers (see [nginx documentation](https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/)), and also set reverseProxyTrust variable in `config/config.json`