From 2381be69219076c336aee698941fd9d075207058 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Behmo?= Date: Thu, 9 Feb 2023 20:30:31 +0100 Subject: [PATCH] fix: https is ignored with proxy is enabled When ENABLE_WEB_PROXY=false, Caddy was overriding the X-Forwarded-* headers. This is a change that was introduced in 2.5.0. We upgrade to 2.6.3 to use the new global "trusted_proxies" directive. https://github.com/caddyserver/caddy/releases/tag/v2.6.3 https://github.com/caddyserver/caddy/releases/tag/v2.5.0
---
 tutor/templates/apps/caddy/Caddyfile | 9 +++++++++ tutor/templates/config/defaults.yml | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/tutor/templates/apps/caddy/Caddyfile b/tutor/templates/apps/caddy/Caddyfile
index b361193..114f49c 100644
--- a/tutor/templates/apps/caddy/Caddyfile
+++ b/tutor/templates/apps/caddy/Caddyfile
@@ -1,5 +1,14 @@
 # Global configuration
 {
+
+ {% if not ENABLE_WEB_PROXY %}
+ # Enable proxying from all servers by default. Otherwise, X-Forwarded-* headers will
+ # be overwritten.
+ # https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#defaults
+ servers {
+ trusted_proxies static 0.0.0.0/0 ::/0
+ }
+ {% endif %}
 {{ patch("caddyfile-global")|indent(4) }}
 }
diff --git a/tutor/templates/config/defaults.yml b/tutor/templates/config/defaults.yml
index 3bee19b..7c1cf17 100644
--- a/tutor/templates/config/defaults.yml
+++ b/tutor/templates/config/defaults.yml
@@ -12,7 +12,7 @@ DOCKER_COMPOSE_VERSION: "3.7"
 DOCKER_REGISTRY: "docker.io/"
 DOCKER_IMAGE_OPENEDX: "{{ DOCKER_REGISTRY }}overhangio/openedx:{{ TUTOR_VERSION }}"
 DOCKER_IMAGE_OPENEDX_DEV: "openedx-dev:{{ TUTOR_VERSION }}"
-DOCKER_IMAGE_CADDY: "docker.io/caddy:2.6.2"
+DOCKER_IMAGE_CADDY: "docker.io/caddy:2.6.3"
 DOCKER_IMAGE_ELASTICSEARCH: "docker.io/elasticsearch:7.10.1"
 DOCKER_IMAGE_MONGODB: "docker.io/mongo:4.2.17"
 DOCKER_IMAGE_MYSQL: "docker.io/mysql:5.7.35"
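Review bot: `trusted_proxies static 0.0.0.0/0 ::/0` in the new `servers` block of the Caddyfile hunk makes Caddy accept X-Forwarded-* headers from every peer, so if the Caddy port is reachable without passing through the external proxy, the forwarded client address and scheme that upstream services see (logs, rate limits, HTTPS detection) are whatever the client sent. The `{% if not ENABLE_WEB_PROXY %}` guard presumably corresponds to Caddy sitting behind another proxy, but nothing in the hunk limits which peers count as that proxy. Consider a narrower default such as `trusted_proxies static private_ranges`, or making the ranges a configuration setting so operators can list their proxy's addresses. The comment should also state the assumption explicitly, e.g. `# Trust X-Forwarded-* from the upstream proxy; Caddy must not be directly reachable in this mode.`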