From 4c70bead985aeedcefa5ade8f5cdefde189dd2fe Mon Sep 17 00:00:00 2001
From: Pierre Bastianelli
Date: Fri, 17 Sep 2021 16:40:56 -0700
Subject: [PATCH] feat: express trusts proxies
---
 app/server/index.js | 10 ++--------
 helm/nginx-sidecar/templates/configmap.yaml | 5 +++++
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/app/server/index.js b/app/server/index.js
index d66467e8ef..4672c90e8b 100644
--- a/app/server/index.js
+++ b/app/server/index.js
@@ -101,6 +101,8 @@ const getRedirectURL = (req) => {
 app.prepare().then(async () => {
 const server = express();
+ server.set('trust proxy', true);
+
 const lightship = createLightship();
 lightship.registerShutdownHandler(async () => {
@@ -114,14 +116,6 @@ app.prepare().then(async () => {
 server.use(redirectRouter);
- // Enable serving ACME HTTP-01 challenge response written to disk by acme.sh
- // https://letsencrypt.org/docs/challenge-types/#http-01-challenge
- // https://github.com/acmesh-official/acme.sh
- server.use(
- '/.well-known',
- express.static(path.resolve(__dirname, '../.well-known'))
- );
-
 server.use(bodyParser.json({limit: '50mb'}));
 // Only allow CORS for the component
diff --git a/helm/nginx-sidecar/templates/configmap.yaml b/helm/nginx-sidecar/templates/configmap.yaml
index 1e3e25407e..f13ad12bd0 100644
--- a/helm/nginx-sidecar/templates/configmap.yaml
+++ b/helm/nginx-sidecar/templates/configmap.yaml
@@ -16,6 +16,11 @@ data:
 listen [::]:{{ .Values.port }};
 {{- end }}
 server_name _;
+
+ proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
+ proxy_set_header X-Forwarded-Proto $scheme; # to forward the original protocol (HTTP or HTTPS)
+ proxy_set_header Host $host; # to forward the original host requested by the client
+
 location / {
 proxy_pass http://localhost:{{ .Values.internalPort }};
 }
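Review bot: `server.set('trust proxy', true)` makes Express accept X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host from any peer that connects, so `req.ip`, `req.protocol` and `req.hostname` become client-controlled on every path that reaches this port without going through the sidecar. The nginx sidecar changed in this same commit proxies to `localhost`, so trust can be limited to that single hop with `server.set('trust proxy', 'loopback');`. A one-line comment such as `// Only the nginx sidecar on loopback may set X-Forwarded-* headers` would record why the setting exists. The `app.prepare()` callback continues outside the hunk, so how `getRedirectURL` and other handlers consume these request properties could not be checked here.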
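Review bot: X-Forwarded-Host is not overwritten by the added `proxy_set_header` lines, so a value supplied by the client passes through nginx unchanged; now that Express trusts proxy headers, it would be used for `req.hostname`. Adding `proxy_set_header X-Forwarded-Host $host;` next to the `Host` line closes that gap. Separately, `$proxy_protocol_addr` is only populated when the `listen` directive carries the `proxy_protocol` parameter. The one listen line visible in this hunk does not carry it, and the others are outside the hunk, so this is worth confirming. If PROXY protocol is not enabled, X-Forwarded-For is forwarded empty and anything keyed on the client IP (logging, throttling) loses its input; `$remote_addr` is the usual value in that case.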