DXE-4453 [FEATURE] reverse proxy problem #78
Comments
lsadlon
changed the title
|
Hi @rhc716 Thanks for interesting suggestion. I created internal ticket for us to think about your feature request and we will go back to you after investigation. BR, |
|
I am honored that my opinion has been heard. |
|
May I ask if there has been any progress on this ticket? 😂 |
|
Hi @rhc716, Thank you for your message. Could we ask you for some additional information?
BR, |
|
Hello, On the server currently in use, I am attempting to call the Akamai Purge API after deployment through a reverse proxy server during the final stage of Jenkins. I planned to use httpie-edgegrid for this purpose. Although there is a -proxy option available, it is intended for forward proxy configurations, so I couldn’t utilize it.
I hope this clarifies the situation despite any shortcomings in my explanation. |
|
Hi @rhc716 , thank you for your explanations. I was more interested in the error returned from the API server in the reverse proxy scenario. I set up a reverse proxy to one of our API servers and I placed the proxy's server name in .edgerc. Then, since the proxy name is used to calculate the request signature (not the Akamai API server's name), the server returned a "signature does not match" error (401), which was expected. Adding the option you ask for solves the problem, but it is a rather unusual solution. A common assumption is that reverse proxy should be "invisible" to the user. This problem is usually solved by terminating SSL on the proxy and installing your own certificate authority on client machines. You can get by without a CA by telling the client to trust a self-signed certificate (the --verify no option in httpie). The final step is to map the Akamai API server hostname to the reverse proxy IP address (the easiest way to do this is in the /etc/hosts file). This way httpie (and other http clients) do not need any modification. I recently set up nginx this way, with success. Another possibility is to use a forward proxy, which is handled correctly by httpie (the --proxy switch you mentioned). If you care about traffic intercepting, mitmproxy is an option. Wouldn't your problem be solved with one of the configurations described? Thank you, |
|
Thank you for telling me about using the etc/hosts file. |
|
You're welcome, @rhc716 . Feel free to reach out if you have any more questions. |
Is your feature request related to a problem? Please describe.
I am unable to use a reverse proxy server properly. The
--proxyoption is designed for forward proxy use, and since headers are created based on .edgerc host, the proxy causes issues when forwarding requests. There is no available option to keep the headers intact (with the originalhost) while using a reverse proxy server.Describe the solution you'd like
I would like an option that allows me to forward requests through a reverse proxy server while preserving the
hostheaders. This would allow the header to remain consistent with the original host (as defined in.edgerc) and ensure proper authentication and request routing.Describe alternatives you've considered
I've considered manually configuring the reverse proxy server to forward headers correctly, reverse proxy options... and edgerc reverse proxy key...
Additional context
A solution to handle reverse proxy servers while preserving the
hostheader would greatly simplify the process of integrating with external APIs when using proxy servers.The text was updated successfully, but these errors were encountered: