-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SSL offloading information #107
Comments
This is actually what rails does by default, when generating URLs. It takes the protocol and hostname from the request. Since the docker image does not support To work around this, the reverse proxy can add HTTP headers with the original information that rails can evaluate. Here is an example for nginx:
Apart from that, rails also has a |
SSL must be done by nginx in front of HDM. Needs documentation. |
This is from a customer setup with a proxy F5 LB in front of plain docker HDM. |
@oneiros : Question from customer: should we set |
As noted above (#107 (comment)), I am not sure this is desired. When I firmly believe, we need to encourage the usage of secure connections in any kind of production environment. But I can also envision scenarios in which hdm is being evaluated in a local test setup or only used within the confines of an otherwise secure environment. Having to configure SSL in these cases seems unnecessary hard and raises the barrier of entry significantly. Things would be different if the HDM container somehow had SSL support baked in, but I figure this might be hard to implement. |
@oneiros Another information from the customer:
|
Short answer: This only means the rails app still does not know that the original request used Long answer: There is actually a difference in the two authentication methods, but only for admin users. Local login as admin redirects to a relative path (
We could of course change that, but then something else would break. The only real solution is to have the load balancer set the HTTP headers mentioned above. |
This is not an issue with HDM, but (in this specific case) a LB issue. Closing. |
when installing a new hdm instance and having no users, one gets redirected to http to create a new user. but connection was initialized from https. we schould redirect to the same protocol as the initial reuqest
The text was updated successfully, but these errors were encountered: