Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

gunicorn via mod_proxy is redirecting outside of the project's scope, despite ProxyPassReverse

I have a WSGI-app (a Django project) running under gunicorn on 127.0.0.1:18731 and I use Apache with mod_proxy to redirect requests from http://example.com/my-project/* to http://127.0.0.1:18731/*. Static files are stored outside of /my-project/. If the Django app does not need to redirect anything, this works just fine, but if it tries to redirect a request (e.g. to add a trailing slash to http://example.com/my-project/foo), it ends up removing /my-project/ from the URL, leaving me with the invalid URL http://example.com/foo/.

My mod_proxy configuration is as follows:

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
ProxyRequests On
ProxyPass /my-project/ http://127.0.0.1:18731/ retry=0
ProxyPassReverse /my-project/ http://127.0.0.1:18731/ retry=0
ProxyPreserveHost On
ProxyErrorOverride Off

I do not want to force Django to prefix /my-project/ to all of its URLs, in the interest of portability. Apache should apparently be handling the prefix on its own with the ProxyPassReverse line. What am I doing wrong?

like image 578
ashastral Avatar asked Jun 20 '11 21:06

ashastral


1 Answers

I had this problem to.

ProxyPreserveHost On

<Location "/my-project/">
    ProxyPass http://127.0.0.1:18173/my-project/
    ProxyPassReverse http://127.0.0.1:18173/my-project/
    RequestHeader set SCRIPT_NAME /my-project
    RequestHeader set X-FORWARDED-PROTOCOL ssl
    RequestHeader set X-FORWARDED-SSL on
</Location>

To enable the WSGI app to construct an absolute url we need:

  • ProxyPreserveHost On, so the Host: header gets passed and the app knows the Hostname the client sees us at.
  • Add a SCRIPT_NAME header so the app knows where its root is.
  • Set X-FORWARDED- headers as needed. I'm using ssl too, so I have to tell the app it should use the https scheme.

I use <Location> directives, because I do a lot more stuff on this vhost. But you can easily rewrite this by passing path arguments to the ProxyPass and ProxyPassReverse directives.

NB: ProxyRequests should be Off, unless you want a forward proxy too. If you're reading this you probably only want a reversed proxy.

Django specific note: settings.LOGIN_URL is used as is, so you'll need to prepend the SCRIPT_NAME to it yourself.

like image 187
Chris Wesseling Avatar answered Oct 07 '22 23:10

Chris Wesseling