This repository was archived by the owner on Jan 24, 2019. It is now read-only.
X-Forwarded-Proto not honored? #220
Open
Description
In the provided example for https setup, Nginx is set up with `proxy_set_header X-Scheme $scheme;` to let oauth2_proxy know that the scheme is https. In haproxy however, another header is usually passed instead with `http-request add-header X-Forwarded-Proto https if { ssl_fc }`. I'm guessing oauth2_proxy doesn't understand that header.
Here are the steps to reproduce:
- Clean existing oauth2_proxy cookies
- Set up the LB to accept both 80 and 443
- Set up GitHub application for http:// with http:// callback URL
- Access page at https://
- Get a login page => redirected to http:// (no HTTPS)
- Access page at https:// again => no redirection
This shows that oauth2_proxy does not know about the HTTPS scheme used on the service page, and thus requests an HTTP callback.
A workaround that worked for me is to pass the -redirect-url parameter to oauth2_proxy, forcing it to use https://, but it would be better if oauth2_proxy honored haproxy's headers instead.
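The behaviour requested above, as an added Go example that is not oauth2_proxy's code: a backend derives the callback scheme from `X-Forwarded-Proto` or `X-Scheme`, but only when the TCP peer is the load balancer. The proxy range `10.0.0.0/8`, the host name, the `/oauth2/callback` path and the function names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// trustedProxies is a constructed value: the range the load balancer connects from.
var _, trustedProxies, _ = net.ParseCIDR("10.0.0.0/8")

// requestScheme returns the scheme the client used towards the load balancer.
// Forwarded headers are honoured only when the peer is a trusted proxy, so a
// direct client cannot pick the scheme by sending the header itself.
func requestScheme(r *http.Request) string {
	if r.TLS != nil {
		return "https" // TLS terminated by this process
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil || !trustedProxies.Contains(net.ParseIP(host)) {
		return "http"
	}
	for _, h := range []string{"X-Forwarded-Proto", "X-Scheme"} {
		// A proxy that appends leaves any client-sent value in front of its
		// own, so read the last value across all header lines.
		vals := strings.Split(strings.Join(r.Header.Values(h), ","), ",")
		v := strings.ToLower(strings.TrimSpace(vals[len(vals)-1]))
		if v == "http" || v == "https" {
			return v
		}
	}
	return "http"
}

// callbackURL builds the OAuth redirect URI the provider is asked to return to.
// The path is an assumption for this example.
func callbackURL(r *http.Request) string {
	return requestScheme(r) + "://" + r.Host + "/oauth2/callback"
}

func main() {
	// Constructed request, as the load balancer would forward it.
	r, _ := http.NewRequest("GET", "http://app.example.test/", nil)
	r.RemoteAddr = "10.0.0.5:41000"
	r.Header.Add("X-Forwarded-Proto", "https")
	fmt.Println(callbackURL(r))
}
```

With haproxy's `add-header`, a client-supplied `X-Forwarded-Proto` line stays in the request ahead of the proxy's own, which is why the last value is the one read here.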