Add proxy fix header handling for X-Forwarded-For etc. #1085

Merged
merged 4 commits into from
Nov 13, 2024
Merged
2 changes: 1 addition & 1 deletion datacube_ows/feature_info.py
Expand Up @@ -112,7 +112,7 @@ def _make_band_dict(prod_cfg: OWSNamedLayer, pixel_dataset: xarray.Dataset) -> d


@log_call
def _make_derived_band_dict(pixel_dataset: xarray.Dataset, style_index: dict[str, StyleDef]) -> dict[str, int | float]:
def _make_derived_band_dict(pixel_dataset: xarray.Dataset, style_index: dict[str, StyleDef]) -> dict[str, int | float | str]:
"""Creates a dict of values for bands derived by styles.
This only works for styles with an `index_function` defined.

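--- a/datacube_ows/ogc.py
+++ b/datacube_ows/ogc.py
@@ -12,13 +12,28 @@
 from sqlalchemy import text
 
 from datacube_ows import __version__
-from datacube_ows.http_utils import (capture_headers, get_service_base_url,
-lower_get_args, resp_headers)
+from datacube_ows.http_utils import (
+capture_headers,
+get_service_base_url,
+lower_get_args,
+resp_headers,
+)
 from datacube_ows.legend_generator import create_legend_for_style
 from datacube_ows.ogc_exceptions import OGCException, WMSException
 from datacube_ows.ows_configuration import get_config
 from datacube_ows.protocol_versions import supported_versions
-from datacube_ows.startup_utils import * # pylint: disable=wildcard-import,unused-wildcard-import
+from datacube_ows.startup_utils import (
+initialise_aws_credentials,
+initialise_babel,
+initialise_debugging,
+initialise_flask,
+initialise_ignorable_warnings,
+initialise_logger,
+initialise_prometheus,
+initialise_sentry,
+parse_config_file,
+proxy_fix,
+)
 from datacube_ows.wcs1 import WCS_REQUESTS
 from datacube_ows.wms import WMS_REQUESTS
 
@@ -43,6 +58,9 @@
 # (controlled by environment variables)
 metrics = initialise_prometheus(app, _LOG)
 
+# Add middleware to fix proxy headers, controlled by environment variables
+app = proxy_fix(app, _LOG)
+
 # Protocol/Version lookup table
 OWS_SUPPORTED = supported_versions()
 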
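Review bot: The comment above the `proxy_fix` call in the second hunk says only "controlled by environment variables", so a reader of ogc.py learns neither the name of the switch nor what it changes. I would write `# Wrap the WSGI app in werkzeug's ProxyFix when $PROXY_FIX is set; X-Forwarded-For/-Proto/-Host/-Port from one upstream hop are then trusted` so the trust decision is visible where it is applied. Since `proxy_fix` (startup_utils.py in this PR) assigns `app.wsgi_app` and returns the same object, the rebinding `app = ...` is harmless but not required.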
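--- a/datacube_ows/startup_utils.py
+++ b/datacube_ows/startup_utils.py
@@ -210,6 +210,15 @@ def initialise_prometheus(app, log=None):
 return metrics
 return FakeMetrics()
 
+def proxy_fix(app, log=None):
+# Proxy Fix, to respect X-Forwarded-For headers
+if os.environ.get("PROXY_FIX", False):
+from werkzeug.middleware.proxy_fix import ProxyFix
+app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)
+if log is not None:
+log.info("ProxyFix was enabled")
+return app
+
 def request_extractor():
 qreq = request.args.get('request')
 return qreq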
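Review bot: `os.environ.get("PROXY_FIX", False)` is truthy for any non-empty string, so `PROXY_FIX=false` or `PROXY_FIX=0` still installs ProxyFix and makes the app trust client-supplied X-Forwarded-* headers, whereas docs/environment_variables.rst in this PR promises only "true", "yes", "on" or "1". The condition should parse the value, e.g. `if os.environ.get("PROXY_FIX", "").strip().lower() in ("true", "yes", "on", "1"):`. The hop counts are also fixed at one (`x_for=1, x_proto=1, x_host=1, x_port=1`), which is correct only when exactly one trusted proxy sits in front of the app. A longer chain, such as a CDN in front of a load balancer, would need different counts, so consider making them configurable or stating the single-hop assumption in a docstring that replaces the leading comment.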
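--- a/docs/environment_variables.rst
+++ b/docs/environment_variables.rst
@@ -116,6 +116,14 @@ prometheus_multiproc_dir:
 The `Prometheus event monitoring system <https://prometheus.io>`_ is activated by
 setting this lower case environment variable.
 
+PROXY_FIX:
+If ``$PROXY_FIX`` is set to "true", "yes", "on" or "1", the Flask application will trust the
+X-Forwarded-For and other headers from a proxy server.
+
+This is useful when running behind a reverse proxy server such as Nginx or CloudFront.
+
+NEVER use in production without a reverse proxy server.
+
 Dev Tools
 ---------
 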