Plugin URL behind HAProxy

OllisGit · May 19, 2021, 9:46pm

Hi,
I know here in the forum is a lot of stuff about proxies, but nothing fits for my issue:

I am using flask.url_for("plugin.SpoolManager.selectSpoolByQRCode", _external=True, databaseId=databaseId) for generating an absolut url like this:

http://localhost:5000/plugin/SpoolManager/selectSpoolByQRCode/6

But now, I received an issue that this always generate http-urls instead of an https url.
See Spool QR code points to http instead of https · Issue #156 · OllisGit/OctoPrint-SpoolManager · GitHub

I know that I could add _scheme='https' to the url_for method, but then https is added everytime.

Is there a "standard-way" in OP?

My current idea is that I send the browser-location to the python backend and do some magic string manipulation to decide to add http or https.

Any idea is welcome
Olli

fieldOfView · May 20, 2021, 7:08am

Does it really need to be an absolute URL? A relative URL would be so much easier. Https is just one variable; how about the port? The reverse proxy could also prepend a path. How would you even get a useful hostname?

OctoPrint itself uses the url_for jinja function to reference its own index, here: OctoPrint/systeminfo.jinja2 at b6ebe7c8539b86acb217483b853910d23518967f · OctoPrint/OctoPrint · GitHub

OllisGit · May 21, 2021, 6:47am

Unfortunately I need an absolute url, because it is hard coded into the qr-code image.

I think I will try to send the javascript value window.location.origin to my plugin-api. And the plugin could use this to generate the absolute URL for the QR-Code-Link.

Or I will add an textfield in the plugin-settings where the user could enter the url prefix.

fieldOfView · May 21, 2021, 6:51am

Did you see the second part of my response about how OctoPrint creates an absolute URL in the jinja template?

OllisGit · May 21, 2021, 8:36pm

Yes, the jina2 template use the function I do in my plugin.
https://flask.palletsprojects.com/en/1.1.x/templating/

url_for()
The flask.url_for() function.

So, I used the same approach...instead of "index" I am using my plugin url..maybe this is the issue.

I ask the user to provide me the haproxy-config, because I want to setup the same environment to reproduce the issue. At the moment it is ("raten im Garten")...english translation "a shot in the dark"

So until I got the haproxy-config the issue is on hold

Thx, for your idea.
Olli

jneilliii · May 22, 2021, 1:36am

"rat in the garden", that's awesome.

OllisGit · June 4, 2021, 7:07pm

I was able to reproduce the issue with my own installed haproxy.

If the header X-Scheme is missing then OP/Flask could not handle the protocoll.
In newer haproxy config it looks like this:

...
backend octoprint
        http-request add-header X-Scheme https if { ssl_fc }
        option forwardfor
        server octoprint1 127.0.0.1:5000
...

It was already posted here: Reverse proxy configuration examples (see haproxy ssl section)

Rosella · June 10, 2021, 10:37am

Thanks for update and quick reply. I'll be sure to keep an eye o this thread. Looking for the same issue.

www.myaarpmedicare.com login