feat: express trusts proxies

bcgov · Sep 21, 2021 · 4c70bea · 4c70bea
1 parent b4a62a2
commit 4c70bea
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/app/server/index.js b/app/server/index.js
@@ -101,6 +101,8 @@ const getRedirectURL = (req) => {
 app.prepare().then(async () => {
   const server = express();
 
+  server.set('trust proxy', true);
+
   const lightship = createLightship();
 
   lightship.registerShutdownHandler(async () => {
@@ -114,14 +116,6 @@ app.prepare().then(async () => {
 
   server.use(redirectRouter);
 
-  // Enable serving ACME HTTP-01 challenge response written to disk by acme.sh
-  // https://letsencrypt.org/docs/challenge-types/#http-01-challenge
-  // https://github.com/acmesh-official/acme.sh
-  server.use(
-    '/.well-known',
-    express.static(path.resolve(__dirname, '../.well-known'))
-  );
-
   server.use(bodyParser.json({limit: '50mb'}));
 
   // Only allow CORS for the <Analytics /> component

diff --git a/helm/nginx-sidecar/templates/configmap.yaml b/helm/nginx-sidecar/templates/configmap.yaml
@@ -16,6 +16,11 @@ data:
       listen [::]:{{ .Values.port }};
 {{- end }}
       server_name  _;
+
+      proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
+      proxy_set_header X-Forwarded-Proto $scheme; # to forward the  original protocol (HTTP or HTTPS)
+      proxy_set_header Host $host; # to forward the original host requested by the client
+
       location / {
         proxy_pass http://localhost:{{ .Values.internalPort }};
       }