302 redirects from latest aren't working?
Opened this issue · 6 comments
@abrasive changed this in PR #30
https://github.com/rgalanakis/hostthedocs/pull/30/files#diff-452aa13f6fb8e9b475a6a45095e25a1d
Since this, the server returns 302s with the Location header:
http://package/version/index.html
when it was previously (and should be, I'd think) returning:
http://hostname.domain.com/package/version/index.html
Am I missing something with my webserver configuration that you guys are doing to make this work properly with this new change, or is this an actual bug?
Hmmm, that's weird- what versions of stuff are you using? That PR was fixing a regression from an upstream change, so I wonder if something else changed. I'm not running this in prod anymore, so any info or debugging would be helpful. Specifically, is redirect getting a good path, and werkzueg or whatever is converting it into an absolute path incorrectly (in which case I suspect a config issue)? Or is redirect getting a bad path, which would be a bug in the code most likely?
All I did for a test was remove the / from the line I pasted above, in my branch for PR #34 and it works great. I have nginx in front of this, in this new test case and with my production server running an old version before PR #30, configured identically.
Really not sure how to debug this further (I don't know much of the code at all), but since I do have this running in a test server, I would be happy to attempt something from here :)
Here's my pip freeze output, running Python 3.8:
appdirs==1.4.3
attrs==19.3.0
Automat==0.8.0
awscli==1.17.14
blinker==1.4
boto==2.49.0
boto3==1.9.253
botocore==1.14.14
CacheControl==0.12.6
certifi==2019.11.28
chardet==3.0.4
Click==7.0
cloud-init==20.1
colorama==0.4.3
command-not-found==0.3
conf==0.4.1
configobj==5.0.6
constantly==15.1.0
contextlib2==0.6.0
croniter==0.3.29
cryptography==2.8
dbus-python==1.2.16
decorator==4.4.2
distlib==0.3.0
distro==1.4.0
distro-info===0.23ubuntu1
docutils==0.16
ec2-hibinit-agent==1.0.0
entrypoints==0.3
filelock==3.0.12
Flask==1.1.2
gevent==20.6.2
greenlet==0.4.16
hibagent==1.0.1
html5lib==1.0.1
httplib2==0.14.0
hyperlink==19.0.0
idna==2.8
importlib-metadata==1.5.0
incremental==16.10.1
iotop==0.6
ipaddr==2.2.0
itsdangerous==1.1.0
javaobj-py3==0.4.1
Jinja2==2.10.1
jmespath==0.9.4
jsonpatch==1.22
jsonpointer==2.0
jsonschema==3.2.0
keyring==18.0.1
language-selector==0.1
launchpadlib==1.10.13
lazr.restfulclient==0.14.2
lazr.uri==1.0.3
lockfile==0.12.2
M2Crypto==0.31.0
MarkupSafe==1.1.0
more-itertools==4.2.0
msgpack==0.6.2
natsort==7.0.1
netifaces==0.10.4
oauthlib==3.1.0
packaging==20.3
pep517==0.8.2
progress==1.5
psutil==5.5.1
pyasn1==0.4.2
pyasn1-modules==0.2.1
pycryptodomex==3.6.1
PyGObject==3.36.0
PyHamcrest==1.9.0
pyjks==20.0.0
PyJWT==1.7.1
pymacaroons==0.13.0
PyNaCl==1.3.0
pyOpenSSL==19.0.0
pyparsing==2.4.6
pyrsistent==0.15.5
pyserial==3.4
pyte==0.4.8
python-apt==2.0.0
python-dateutil==2.7.3
python-debian===0.1.36ubuntu1
python-gnupg==0.4.5
pytoml==0.1.21
pytz==2019.3
PyYAML==5.3.1
pyzmq==18.1.1
requests==2.22.0
requests-unixsocket==0.2.0
retrying==1.3.3
roman==2.0.0
rsa==4.0
s3transfer==0.3.3
salt==3001
SecretStorage==2.3.1
service-identity==18.1.0
simplejson==3.16.0
six==1.15.0
ssh-import-id==5.10
systemd-python==234
Twisted==18.9.0
ubuntu-advantage-tools==20.3
ufw==0.36
unattended-upgrades==0.1
urllib3==1.25.8
virtualenv==20.0.17
wadllib==1.3.3
webencodings==0.5.1
Werkzeug==1.0.1
zipp==1.0.0
zope.event==4.4
zope.interface==4.7.1```
Is it this? pallets/werkzeug#540
Possibly - I have tried setting X-Forwarded-Host and nothing changes. Having read that thread, I agree with the people saying it looks like a werkzeug-is-trying-to-be-clever bug. But I haven't found a combination of nginx settings that makes this work at all.
And again, my older, pre-PR#30 version of hostthedocs, with the following pip freeze output and Python 2.7, everything works perfectly fine:
assert-exists==1.0.3
caller-module==1.0.3
click==6.7
conf==1.0.3
Flask==0.12.2
fullpath==1.0.3
getclass==1.0.3
gevent==1.2.2
greenlet==0.4.12
isclassmethod==1.0.2
isstaticmethod==1.0.2
isstring==1.0.2
itsdangerous==0.24
Jinja2==2.9.6
MarkupSafe==1.0
natsort==5.0.3
objectname==1.0.2
public==1.0.3
six==1.10.0
tolist==1.0.2
Werkzeug==0.12.2
What happens if you hit the Python service directly rather than going through nginx?
Same issue, the server returns Location: http://crow/0.1.56/index.html when I hit http://localhost:5050/crow/latest/.
Removing removing the leading slash addition in the latest version, it returns Location: http://localhost:5050/crow/0.1.56/index.html.