Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

gunicorn via mod_proxy is redirecting outside of the project's scope, despite ProxyPassReverse

Tags:

reverse-proxy

apache

django

gunicorn

wsgi

I have a WSGI-app (a Django project) running under gunicorn on 127.0.0.1:18731 and I use Apache with mod_proxy to redirect requests from http://example.com/my-project/* to http://127.0.0.1:18731/*. Static files are stored outside of /my-project/. If the Django app does not need to redirect anything, this works just fine, but if it tries to redirect a request (e.g. to add a trailing slash to http://example.com/my-project/foo), it ends up removing /my-project/ from the URL, leaving me with the invalid URL http://example.com/foo/.

My mod_proxy configuration is as follows:

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
ProxyRequests On
ProxyPass /my-project/ http://127.0.0.1:18731/ retry=0
ProxyPassReverse /my-project/ http://127.0.0.1:18731/ retry=0
ProxyPreserveHost On
ProxyErrorOverride Off

I do not want to force Django to prefix /my-project/ to all of its URLs, in the interest of portability. Apache should apparently be handling the prefix on its own with the ProxyPassReverse line. What am I doing wrong?

like image 578
ashastral Avatar asked Jun 20 '11 21:06

ashastral

1 Answers

I had this problem to.

ProxyPreserveHost On

<Location "/my-project/">
    ProxyPass http://127.0.0.1:18173/my-project/
    ProxyPassReverse http://127.0.0.1:18173/my-project/
    RequestHeader set SCRIPT_NAME /my-project
    RequestHeader set X-FORWARDED-PROTOCOL ssl
    RequestHeader set X-FORWARDED-SSL on
</Location>

To enable the WSGI app to construct an absolute url we need:

  • ProxyPreserveHost On, so the Host: header gets passed and the app knows the Hostname the client sees us at.
  • Add a SCRIPT_NAME header so the app knows where its root is.
  • Set X-FORWARDED- headers as needed. I'm using ssl too, so I have to tell the app it should use the https scheme.

I use <Location> directives, because I do a lot more stuff on this vhost. But you can easily rewrite this by passing path arguments to the ProxyPass and ProxyPassReverse directives.

NB: ProxyRequests should be Off, unless you want a forward proxy too. If you're reading this you probably only want a reversed proxy.

Django specific note: settings.LOGIN_URL is used as is, so you'll need to prepend the SCRIPT_NAME to it yourself.

like image 187
Chris Wesseling Avatar answered Oct 07 '22 23:10

Chris Wesseling
Sign in to Comment

Related questions

Django REST framework custom format for all out responses
django rest framework list query customize json array result response because of date formatting
Django SearchVector using icontains
Expected a `Response`, `HttpResponse` or `HttpStreamingResponse` to be returned from the view, but received a `<class 'NoneType'>` [duplicate]
Run multiple django project with nginx and gunicorn
Use Django template syntax in a css file
Django server stops immediatly after login into admin page
Django ORM: Equivalent of SQL `NOT IN`? `exclude` and `Q` objects do not work
Django: Subprocess Continuous Output To HTML View
Disable prefers-color-scheme: dark in django admin
Why does Django post_save signal give me pre_save data?
WSGI/Django: pass username back to Apache for access log
Why were the original authors of Django against include tags?
simple document/knowledge management system, based on django [closed]
Django: Limiting the number of relationships in a OnetoMany relationship
how to disable nose test's coverage report
Same field, different choices in Django model subclasses
ManyToManyField and South migration
How can I "keep" the uploaded image on a form validation error?
Create users in LDAP using Django

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!