Issue with reverse proxy

mozeodbiore · April 29, 2022, 11:05am

Hello, I’m using eventstore:21.10.2-bionic docker image and trying to setup access to webui via reverse proxy. Unfortunately can’t get X-Forwarded-Prefix header to work for me
Other headers are working. Any idea?
I think in my example response should look like
“Location: https://my_host:888/my_prefix/web/index.html”
but prefix is missing in respone.

eventstore@eventstoredb:/opt/eventstore$ curl -i -H “X-Forwarded-Prefix: my_prefix” -H “X-Forwarded-Host: my_host” -H “X-Forwarded-Port:888” -H “X-Forwarded-Proto:https” http://localhost:2113/
HTTP/1.1 302 Found
Date: Fri, 29 Apr 2022 11:02:34 GMT
Content-Type: text/plain; charset=utf-8
Server: Kestrel
Content-Length: 5
Location: https://my_host:888/web/index.html
Access-Control-Allow-Headers: Content-Type, X-Requested-With, X-Forwarded-Host, X-Forwarded-Prefix, X-PINGOTHER, Authorization, ES-LongPoll, ES-ExpectedVersion, ES-EventId, ES-EventType, ES-RequireMaster, ES-RequireLeader, ES-HardDelete, ES-ResolveLinkTos
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ES-Position, ES-CurrentVersion

Regards.

yves.lorphelin · April 29, 2022, 11:28am

we’re not really advising to put a reverse proxy in front of the database.
Quick question:
I see
https://my_host:888 is the reverse proxy doing TLS termination ?
if not http://localhost:2113/ should be httpS://localhost:2113

a copy if the configuration will help as well

mozeodbiore · April 29, 2022, 11:38am

“https://” here is to prove that “X-Forwarded-Proto:https” is working. curl is sending query via “http://”.
I’m using reverse proxy for developers to access UI.
My compose file:
eventstoredb:
image: eventstore/eventstore:21.10.2-bionic
hostname: eventstoredb
container_name: eventstoredb
environment:
EVENTSTORE_CLUSTER_SIZE: “1”
EVENTSTORE_RUN_PROJECTIONS: “All”
EVENTSTORE_START_STANDARD_PROJECTIONS: “true”
EVENTSTORE_EXT_TCP_PORT: “1113”
EVENTSTORE_HTTP_PORT: “2113”
EVENTSTORE_LOG_LEVEL: “verbose”
EVENTSTORE_LOG_HTTP_REQUESTS: “true”
EVENTSTORE_INSECURE: “true”
EVENTSTORE_ENABLE_EXTERNAL_TCP: “true”
EVENTSTORE_ENABLE_ATOM_PUB_OVER_HTTP: “true”

yves.lorphelin · April 29, 2022, 12:00pm

you need to expose the port , and this does not need a reverse proxy
see here for a minimal compose file ( single node , insecure mode ) :

github.com

EventStore/training-introduction-dotnet/blob/master/docker-compose.yml

version: '3.7'

services:
  eventstore.db:
    image: eventstore/eventstore:21.10.0-buster-slim
#    image: ghcr.io/eventstore/eventstore:21.10.0-alpha-arm64v8
    environment:
      - EVENTSTORE_INSECURE=true
      - EVENTSTORE_RUN_PROJECTIONS=all
      - EVENTSTORE_START_STANDARD_PROJECTIONS=true
      - EVENTSTORE_ENABLE_ATOM_PUB_OVER_HTTP=true
    ports:
      - "2113:2113"

mozeodbiore · April 29, 2022, 12:10pm

I’m using curl in eventstoredb container itself, it is not an network connection issue.

yves.lorphelin · April 29, 2022, 12:10pm

Why not curl -i http://localhost:2113 then ?
Again , putting a reverse proxy in front of the DB is not recommended