I’m having trouble figuring out where to set a forced HTTPS protocol within the HTTPD & Lua configs that I believe are relevant to what OOD is doing. I see the /rnode Location block within ood-portal.conf and more in node_proxy.lua, but I’m not sure where to make the proper change. I also don’t want to make all upstream connections use HTTPS, just a few that require it.
I’ve set up my own NGINX instance with Reverse Proxy as a sanity test that works. I really want to leverage the built-in OID auth and host/port mapping that comes with OOD Reverse Proxy though. Any tips would be greatly appreciated.
Thanks for verifying the location within Lua → /opt/ood/mod_ood_proxy/lib/ood/proxy.lua
For posterity, I changed the following:

    local protocol = (r.headers_in['Upgrade'] and "ws://" or "http://")

To:

    -- find protocol used by parsing the request headers
    -- Check if an upstream port was set for reverse proxies.
    local upstreamPort = nil
    local isUpstreamPortSet = (r.subprocess_env['MATCH_PORT'] and 'true' or 'false')
    if isUpstreamPortSet == 'true' then
      upstreamPort = r.subprocess_env['MATCH_PORT']
    end
    -- Default to ws:// or http:// protocols to upstream hosts
    local protocol = (r.headers_in['Upgrade'] and "ws://" or "http://")
    if upstreamPort then
      -- If specified port was used, then use secure protocols
      if upstreamPort == '8443' then
        protocol = (r.headers_in['Upgrade'] and "wss://" or "https://")
      end
    end

You also have to edit /etc/httpd/conf.d/ood-portal.conf and add ‘SSLProxyEngine on’ within the VirtualHost block.

    SSLEngine On
    SSLProxyEngine on

That was the first Lua I’ve ever been forced to touch, so someone else could do better. It appears to work though (10 mins of testing), and only changes to secure protocols when a specific port is set (8443 in this example).
Other, previously added apps still seem to work (NoVNC desktops, etc…)
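
Added example (not part of the original posts, and not Open OnDemand's own configuration): with only `SSLProxyEngine on`, mod_ssl's `SSLProxyVerify` stays at its default of `none`, so the certificate chain presented by the upstream on port 8443 is not validated. The fragment below shows the posted directive next to the verification directives; the `*:443` VirtualHost address, the CA bundle path and the verify depth are assumptions to adapt to the site.

```apache
<VirtualHost *:443>
    SSLEngine On

    # As posted in the thread: allows mod_proxy to open https:// and wss://
    # connections to upstream hosts.
    SSLProxyEngine on

    # Assumption: upstream services use certificates issued by an internal CA.
    # The path is a placeholder, not a path from the thread.
    SSLProxyCACertificateFile /path/to/internal-ca.pem

    # Require a certificate that chains to the CA above (default is "none").
    SSLProxyVerify require
    # Assumption: at most one intermediate CA between the root and the server certificate.
    SSLProxyVerifyDepth 2

    # Reject certificates whose CN/subjectAltName does not match the upstream
    # host name, and certificates that have expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on
</VirtualHost>
```

If the upstream services on the secure port use self-signed certificates, proxied requests will fail with these settings until those certificates (or their issuing CA) are added to the bundle.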