SERVER_PORT - true port not observed

mrbasil · June 18, 2016, 1:25pm

I’m having trouble with a SAML integration that isn’t observing the true port. (python3-saml).

My current Caddyfile is below. What should I be doing to override the SERVER_PORT webserver variable?

sbx4.xxx.org {
        root /var/caddy/www/sbx4
        proxy / localhost:8084 {
                except /static
                proxy_header Host {host}
                proxy_header X-Real-IP {remote}
                proxy_header X-Forwarded-Proto {scheme}
                proxy_header X-Forwarded-Host {host}
                proxy_header X-Forwarded-Port {port}
                websocket
        }
}

mb

mrbasil · June 20, 2016, 12:32pm

I was able to correct things with this caddyfile:

sbx4.xxx.org {
        root /var/caddy/www/sbx4
        proxy / localhost:8084 {
                except /static
                proxy_header Host {host}
                proxy_header X-Real-IP {remote}
                proxy_header X-Forwarded-Proto {scheme}
                proxy_header X-Forwarded-Host {host}
                proxy_header X-Forwarded-Port 443
                websocket
        }
}

matt · June 20, 2016, 3:20pm

I’m not familiar with SAML, and as far as I know, the proxy directive doesn’t create a SERVER_PORT variable, but there is a server port - but the {port} placeholder is the the client’s port’s as connected to the server, probably not quite what you intended, which is why setting it to 443 fixes it, since you wanted the server port. (There isn’t a placeholder for the server port because that is known by the person who creates the config.)

mrbasil · June 20, 2016, 3:40pm

That sounds correct … in the end the example python3-saml library wasn’t set up to observe X-Forwarded parameters out of the box. After I picked it apart it was essentially a configuration touch up.

mb

system · September 18, 2016, 3:40pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.