[SOLVED] Firewall + nginx not passing request vars to Plone

pigeonflight · August 19, 2020, 5:35pm

For some reason nginx is dropping all request variables.
I have an unusual nginx setup, the machine running plone (ploneserver) is behind a firewall.

The public facing machine is not plone and redirects traffic from port 443 to port 83.
Plone runs on port 8080 and 8081.
The site is served as a subdirectory plonestuff.

So something like this:

[ publicmachine:443 ] / plonestuff
             |
------------------------------------
   {behind the firewall}
       [ nginx:83 ] 
             |
[ plone:8080/8081 ]
-------------------------------------

The resulting url is something like: mysite.com/plonestuff

I'm currently using a configuration like this:

upstream plone {
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
    keepalive 64;
}
server {
     listen 83 default_server;
location ~/plonestuff(.*)$ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://plone/VirtualHostBase/https/mysite.com:443/Plone/VirtualHostRoot/_vh_plonestuff/$1;
    }

It seems that the request vars are dropped somewhere between the front server and when it gets to Plone. This is a problem whenever plone functionality relies on request vars. For example batching.

mamico · August 19, 2020, 5:58pm

you could try with

$is_args$args

here:

proxy_pass http://plone/VirtualHostBase/https/mysite.com:443/Plone/VirtualHostRoot/_vh_plonestuff/$1$is_args$args;

Mauro.

pigeonflight · August 19, 2020, 6:48pm

works like a charm. Thanks @mamico you're THE man!!!

jaroel · August 19, 2020, 7:14pm

Wouldn't a normal location work just fine?

Like documented here: https://docs.plone.org/manage/deploying/front-end/nginx.html#minimal-nginx-front-end-configuration-for-plone-on-ubuntu-debian-linux

You don't need the proxy_set_header Host probably.

location /plonestuff {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://plone/VirtualHostBase/https/mysite.com:443/Plone/VirtualHostRoot/_vh_plonestuff/;
    }

pigeonflight · August 19, 2020, 7:37pm

Cool!

One thing I didn't mention was that I have other rules which get priority over this one, as a result I couldn't use the normal location. It might be fine under other circumstances.

pigeonflight · August 20, 2020, 12:31pm

In the end I reworked the location rule that was messing with things.
I replaced the catch-all

location ~/(.*)$ {

with

location  / {

This allowed me to use

location /plonestuff {

as suggested by @jaroel