> On Jan 7, 2019, at 16:29, Jonathan Vanasco <[email protected]> wrote:
> 
> 
> 
> On Monday, January 7, 2019 at 5:00:43 PM UTC-5, Jonathan Vanasco wrote:
> 
> It would be nice if that functionality could be implemented as middleware 
> when not running the waitress server.
> 
> This release broke our dev systems from the wsgi manipulation. The issue was 
> this line to the nginx config from the instructions:
> 
>     proxy_set_header X-Forwarded-Host $host:$server_port;
> 
> While the `:$server_port` bit appears in many tutorials and docs on some 
> projects, it isn't part of a standard or a standard/requirement.  Even 
> nginx's official docs have conflicting usage patterns with it:

$server_port is only required if you are not using a default port, so that the 
`X-Forwarded-Host` contains the port number. Browsers by default will already 
send a host header like this:

Host: example.com:8080

If the URL is:

https://example.com:8080/

I am not sure if NGINX forwards the port with the host in the $host variable or 
not. I can remove it from the docs.

> 
> * https://www.nginx.com/resources/wiki/start/topics/examples/likeapache/
> * https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
> 
> I can't tell if that bit was required by your code. It doesn't look like it 
> is required (via `task.py` lines 531+) but perhaps a warning about that would 
> help. 
> 
> Sidenote: it looks like the strip on line 680 may be better placed just above 
> the immediate conditional
> 
> 
> -        if forwarded_host:
> -            
> -            forwarded_host = forwarded_host.strip()
> 
> # might be better as...
> 
> +        forwarded_host = forwarded_host.strip()
> +        if forwarded_host:
> 
> 
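
Review bot: On the `+` lines, `forwarded_host.strip()` runs before the `if forwarded_host:` check, so if `forwarded_host` can be `None` at this point (header absent) the call raises `AttributeError` instead of skipping the block. Keep the truthiness check ahead of the `strip()`, or note in a comment that the value is always a string here; if the goal is to treat a whitespace-only header as empty, say so.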

It's already been stripped way before that line ever happens. That extra 
strip() can be removed.

> 
> My initial feeling on this release is that I dislike this implementation.  
> This approach will create a lot of added complexity for those who use 
> waitress for Pyramid in development BUT run other servers in Production 
> and/or Staging - we now have to deal with deploying something where 
> Waitress inherently takes control of this portion of wsgi manipulation in one 
> environment, but is not run at all in other environments.  

So don't use waitress for this... continue to use your WSGI middleware that you 
are already using, and completely ignore the existence of this functionality. I 
would also argue that in development you likely aren't using a reverse proxy 
server, but even if you are, why are you using a different WSGI server in 
development than what you run in production when they may have entirely 
different behaviours or startup requirements?

> 
> IMHO, it would be really nice if...
> 
> 1. this happened within Pyramid (not likely to happen, I know)

Nope.

> or
> 2. this functionality were exposed as a callable, so other deployments can 
> invoke it. This will still create some pain in maintaining dual deployment 
> logics, but invoking waitress's logic would ensure parity.

I may end up writing some middleware and putting it in WebOb, but I haven't 
gotten that far yet.

Also, once again, you are not required to use waitress for this functionality. 
You may set:

clear_untrusted_proxy_headers = False

in development so you don't receive the warning (in the future this flag will 
be set to True by default, and Waitress will strip proxy headers), and Waitress 
will happily pass through all the headers into your WSGI environment just like 
before, as if this functionality does not exist. 

> 
> Finally...
> 
> for the docs... if using an ini file, the syntax is:
> 
> [server:main]
> use = egg:waitress#main
> host = 127.0.0.1
> port = 5020
> trusted_proxy = 127.0.0.1
> trusted_proxy_headers = x-forwarded-for x-forwarded-host x-forwarded-proto x-forwarded-port
> 
> 
> 
> using a quoted format from the current docs will generate an error:
> 
> trusted_proxy_headers = "x-forwarded-for x-forwarded-host x-forwarded-proto x-forwarded-port"
> 
> 

Waitress does not inherently support ini or any other config files. Using 
quotes is valid for python kwargs that you pass to waitress.serve. Since ini is 
not directly supported or used by waitress, I will continue to document using 
standard Python syntax.

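
As an added example (not from the thread and not Waitress's implementation), the following server-independent WSGI middleware applies `X-Forwarded-*` headers only when the request comes from the trusted proxy and drops them otherwise, accepting `X-Forwarded-Host` with or without the `:$server_port` suffix discussed above. `TrustedProxyMiddleware` and `split_host_port` are hypothetical names, and a single proxy hop is assumed.

```python
# Added example: server-independent WSGI middleware; not Waitress's own code.
FORWARDED = ("HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED_HOST",
             "HTTP_X_FORWARDED_PROTO", "HTTP_X_FORWARDED_PORT")
DEFAULT_PORTS = {"http": "80", "https": "443"}


def split_host_port(value):
    """Split 'host', 'host:port' or '[v6]:port' into (host, port or None)."""
    value = value.strip()
    if value.startswith("["):                    # bracketed IPv6 literal
        host, _, rest = value.partition("]")
        return host + "]", (rest[1:] if rest[1:].isdigit() else None)
    host, sep, port = value.rpartition(":")
    if sep and host and ":" not in host and port.isdigit():
        return host, port
    return value, None


class TrustedProxyMiddleware:
    """Hypothetical name; trusted_proxy is the proxy's address as seen in REMOTE_ADDR."""

    def __init__(self, app, trusted_proxy):
        self.app, self.trusted_proxy = app, trusted_proxy

    def rewrite(self, environ):
        env = dict(environ)
        # Always remove the headers so the app never sees client-supplied values.
        fwd = {k: (env.pop(k, "") or "").strip() for k in FORWARDED}
        if env.get("REMOTE_ADDR") != self.trusted_proxy:
            return env
        scheme = fwd["HTTP_X_FORWARDED_PROTO"].lower()
        if scheme in DEFAULT_PORTS:
            env["wsgi.url_scheme"] = scheme
        scheme = env.get("wsgi.url_scheme", "http")
        default = DEFAULT_PORTS.get(scheme, "80")
        if fwd["HTTP_X_FORWARDED_HOST"]:
            host, port = split_host_port(fwd["HTTP_X_FORWARDED_HOST"])
            port = port or fwd["HTTP_X_FORWARDED_PORT"] or default
            env["SERVER_NAME"], env["SERVER_PORT"] = host, port
            # Host header carries the port only when it is not the scheme default.
            env["HTTP_HOST"] = host if port == default else f"{host}:{port}"
        if fwd["HTTP_X_FORWARDED_FOR"]:
            # One proxy hop assumed: the right-most entry is the one it appended.
            env["REMOTE_ADDR"] = fwd["HTTP_X_FORWARDED_FOR"].split(",")[-1].strip()
        return env

    def __call__(self, environ, start_response):
        return self.app(self.rewrite(environ), start_response)
```

Wrapping the application with this middleware in every environment gives the same header handling regardless of which WSGI server is in front of it.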