Fix proxy_base_url

Question

Fix proxy_base_url

Opened this issue 3 months ago · 7 comments

The Geoserver chart comes with the value

geoserver_proxy_base_url: "${X-Forwarded-Proto}://${X-Forwarded-Host}/geoserver"

but it does not work when attempting to log in to Geoserver.

Image after trying login attempt

Answer 1 · 2024-05-16T17:03:04.000Z

Changing the value to

 geoserver_proxy_base_url: "http://localhost:8080/geoserver"

it enables successful login.
Thanks to Camuffo, I discovered that if we check the "use headers for Proxy Url" in global settings, and then replace geoserver_proxy_base_url with

${X-Forwarded-Proto}://${X-Forwarded-Host}/geoserver

After upgrading the helm deployment, it functions correctly.
Currently, I have been searching for a flag to activate the mentioned checkbox in order to avoid the above process, but no found anything yet.
Perhaps you @randomorder have some hints about it?

Answer 2 · 2024-05-17T06:40:23.000Z

Hi @david7378
The checkbox to enable the use of headers in the global settings is mapped to the global.xml file in the geoserver datadir. If the geoserver is started on an empty data directory the global.xml is generated on the fly with the checkbox unchecked.

For the PBU to work with headers we need to have a sample datadir in geoserver with that checkbox checked

Answer 3 · 2024-05-17T15:13:04.000Z

I made some progress, I managed to configure it from the Rancher UI and pass the global.xml file as a ConfigMap with the parameter useHeadersProxyURL set to true and it works.
I am going to update the chart with this config.

Answer 4 · 2024-05-17T16:17:53.000Z

Hi @randomorder
I have created a PR for charts repository.
This is the link of the PR:
Link to PR

Answer 5 · 2024-06-18T16:39:50.000Z

Problem is that the Chart spin up a geoserver or geoserver cluster with a default datadir. In the default datadir the checkbox to use headers for PBU is not checked so the dynamic PBU cannot really work.

In my opinion we should add a flag to enable/disable the proxy base URL in the values file similarly to what we are doing with the CSRF here . The flag should be disabled by default.

Answer 6 · 2024-06-20T13:43:37.000Z

Problem is that the Chart spin up a geoserver or geoserver cluster with a default datadir. In the default datadir the checkbox to use headers for PBU is not checked so the dynamic PBU cannot really work.

In my opinion we should add a flag to enable/disable the proxy base URL in the values file similarly to what we are doing with the CSRF here . The flag should be disabled by default.

What do you think @camuffo ?

Answer 7 · 2024-06-20T15:07:57.000Z

@randomorder

add a flag to enable/disable the proxy base URL in the values

I think this is useful in the case we want to use the PBU in the data_dir.
So it's nice to have, but solves another problem. (And maybe it requires to make the assignment here conditional).

Here we are trying to achieve a deploy that uses headers in the PBU and at the same time doesn't require intervention in the GS UI.

So we can:

overwrite the whole global.xml, as David did. I agree it might lead to unforeseen issues though.
patch the entrypoint to patch the global.xml at runtime. 🙂 Ugly.
ask aaime to implement an env var to enable the headers in PBU