The Host header will help the destination request identify which
service the request is meant for. This can potentially be an internal
endpoint identifier.
X-Forwarded-Host is meant to have the external facing server endpoint.
This means that: if the user wants to expose internal.service.com which
resolves to some internal IP as external.service.com, then:
* Host header has to be internal.service.com
* X-Forwarded-Host is external.service.com
* proxy_pass to internal.service.com
The default when proxying is $proxy_host.
Proxied apps must used X-Forwarded-Host header to determine the intended
target. I think we overwrote the Host header back in the day because apps
had varied support for this. Ideally, it can be removed across all our configurations.
Previously, the du plugin was collecting data every 20 seconds but
carbon was configured to only keep data every 12 hours causing much
confusion.
In the process of reworking this, it was determined:
* No need to collect disk usage info over time. Not sure how that is useful
* Instead, collect CPU/Network/Block info over time. We get this now from docker stats
* We also collect info about the services (addon containers)
* No need to reconfigure collectd for each app change anymore since there is no per
app collectd configuration anymore.
can verify stapling using openssl s_client -connect hostname:443 -status
status_request is RFC6066. there is also status_request_v2 (RFC6961) but this is
not implemented even in openssl libs yet
had to move the ~ login/logout regexp inside. This is because of
https://www.ruby-forum.com/t/proxy-pass-location-inheritance/239135
What it says is that a regexp inside a matching location prefix is
given precedence regardless of how it appears in the file. This means
that the negative regexp got precedence over login|logout and thus
went into infinite redirect. By moving it to same level, the regexps
are considered in order.
Some notes on nginx location:
* First, it will match the prefixes (= and the /). If =, the matching stops.
If /xx then the longest match is "remembered"
* It will then match the regex inside the longest match. First match wins
* It will then match the rest of the regex locations. First match win
* If no regex matched, it will then do the remembered longest prefix
fixes#762
the main reason this is under app and not domain is because it let's
the user know that an app has to be installed for the whole thing to work.
part of #703
