From 48e664c5f58ba9a16dc1adfa35e9ee3f7b2c24dc Mon Sep 17 00:00:00 2001 From: maany Date: Tue, 11 Jun 2024 14:53:45 +0200 Subject: [PATCH] ui: add option to configure `RemoteIPProxyProtocol` directive In deployment scenarios where the Rucio UI sits behind a proxy ( a loadbalancer or another reverse proxy), the client information must be handled by the UI container's httpd process. This PR configures the `RemoteIPProxyProtocol` directive to enable the UI do to so --- ui/README.md | 8 ++++++++ ui/rucio.conf.j2 | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/ui/README.md b/ui/README.md index ca46611..219f712 100644 --- a/ui/README.md +++ b/ui/README.md @@ -100,6 +100,14 @@ This variable can be used to add an additional `ProxyPass` and corresponding `Pr ProxyPassReverse /foo http://bar ``` +### `RUCIO_HTTPD_PROXY_PROTOCOL_ENABLED` + +This variable can be used to enable the `ProxyProtocol` module in the apache config. The default is `Off`. It sets the `RemoteIPProxyProtocol` directive in the apache config. + +### `RUCIO_HTTPD_PROXY_PROTOCOL_EXCEPTIONS` + +This variable can be used to set the `RemoteIPProxyProtocolExceptions` directive in the apache config. If the `RUCIO_HTTPD_PROXY_PROTOCOL_ENABLED` is set to `True`, then the supplied values are excluded from proxy protocol processing. + ## `RUCIO_CFG` configuration parameters: Environment variables can be used to set values for the auto-generated rucio.cfg. The names are derived from the actual names in the configuration file prefixed by `RUCIO_CFG`, e.g., the `default` value in the `database` section becomes `RUCIO_CFG_DATABASE_DEFAULT`. diff --git a/ui/rucio.conf.j2 b/ui/rucio.conf.j2 index d27f2fe..b9bac1c 100644 --- a/ui/rucio.conf.j2 +++ b/ui/rucio.conf.j2 @@ -82,6 +82,10 @@ CacheRoot /tmp ProxyPass {{ RUCIO_HTTPD_ADDITIONAL_PROXY_CONF}} ProxyPassReverse {{ RUCIO_HTTPD_ADDITIONAL_PROXY_CONF }} {% endif %} +{% if RUCIO_HTTPD_PROXY_PROTOCOL_ENABLED | default('False') == 'True' %} + RemoteIPProxyProtocol On + RemoteIPProxyProtocolExceptions 127.0.0.1 ::1 {{ RUCIO_HTTPD_PROXY_PROTOCOL_EXCEPTIONS | default('') }} +{% endif %} {% endmacro %}