When terminating TLS on a reverse proxy in front of script-server, any redirects returned by script-server should use the HTTPS scheme, but the current behavior is that they use HTTP regardless. https://github.com/bugy/script-server/wiki/Reverse-Proxy-setup says to set the X-Scheme header in this scenario, but it is not respected.
Here's a docker-compose.yml to reproduce the issue:
---
version: '3.1'
services:
script-server:
image: bugy/script-server:dev
reverse-proxy:
image: caddy:2.3.0
command:
- sh
- -c
- |
echo -e 'localhost
reverse_proxy script-server:5000 {
header_up X-Scheme {scheme}
}' | caddy run --adapter caddyfile --config -
ports:
- 127.0.0.1:443:443
When querying via HTTPS, script-server issues a redirect back to HTTP:
$ curl -k -v https://localhost 2>&1 | grep -i location:
< location: http://localhost/index.html
(It's also worth noting that X-Scheme is a nonstandard header. X-Forwarded-Proto is the more de-facto standard and the proto directive of the Forwarded header is an actual standard.)
When terminating TLS on a reverse proxy in front of
script-server, any redirects returned byscript-servershould use the HTTPS scheme, but the current behavior is that they use HTTP regardless. https://github.com/bugy/script-server/wiki/Reverse-Proxy-setup says to set theX-Schemeheader in this scenario, but it is not respected.Here's a
docker-compose.ymlto reproduce the issue:When querying via HTTPS,
script-serverissues a redirect back to HTTP:(It's also worth noting that
X-Schemeis a nonstandard header.X-Forwarded-Protois the more de-facto standard and theprotodirective of theForwardedheader is an actual standard.)