forked from opensearch-project/opensearch-ci
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding X-Forwarded-for header in httpd access_log when using port 80 …
…and test case (opensearch-project#411) * adding header on port 80 and test case Signed-off-by: Jeff Lu <[email protected]> * add case for not using SSL Signed-off-by: Jeff Lu <[email protected]> * fix test Signed-off-by: Jeff Lu <[email protected]> --------- Signed-off-by: Jeff Lu <[email protected]>
- Loading branch information
Showing
2 changed files
with
71 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -301,7 +301,9 @@ export class JenkinsMainNode { | |
| <IfModule mod_headers.c> | ||
| Header unset Server | ||
| </IfModule>` | ||
| : `<VirtualHost *:80> | ||
| // eslint-disable-next-line no-useless-escape,max-len | ||
| : `LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined | ||
| <VirtualHost *:80> | ||
| ServerAdmin [email protected] | ||
| ProxyRequests Off | ||
| ProxyPreserveHost On | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -481,3 +481,71 @@ test('Test WAF association with ALB', () => { | |
| }, | ||
| }); | ||
| }); | ||
|
|
||
| test('Test configElement jenkins content to use X-Forwarded-For header on port 443', () => { | ||
| const app = new App({ | ||
| context: { | ||
| useSsl: 'true', runWithOidc: 'false', serverAccessType: 'ipv4', restrictServerAccessTo: '0.0.0.0/0', | ||
| }, | ||
| }); | ||
|
|
||
| // WHEN | ||
| const stack = new CIStack(app, 'MyTestStack', { | ||
| env: { account: 'test-account', region: 'us-east-1' }, | ||
| }); | ||
|
|
||
| // THEN | ||
| Template.fromStack(stack).hasResource('AWS::AutoScaling::AutoScalingGroup', { | ||
| /* eslint-disable max-len */ | ||
| Metadata: { | ||
| 'AWS::CloudFormation::Init': { | ||
| config: { | ||
| files: { | ||
| '/etc/httpd/conf.d/jenkins.conf': { | ||
| // eslint-disable-next-line no-useless-escape,max-len | ||
| content: 'LogFormat "%{X-Forwarded-For}i %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined\n <VirtualHost *:80>\n ServerAdmin webmaster@localhost\n Redirect permanent / https://replace_url.com/\n </VirtualHost>\n <VirtualHost *:443>\n SSLEngine on\n SSLCertificateFile /etc/ssl/certs/test-jenkins.opensearch.org.crt\n SSLCertificateKeyFile /etc/ssl/private/test-jenkins.opensearch.org.key\n SSLCertificateChainFile /etc/ssl/certs/test-jenkins.opensearch.org.pem\n ServerAdmin webmaster@localhost\n ProxyRequests Off\n ProxyPreserveHost On\n AllowEncodedSlashes NoDecode\n <Proxy *>\n Order deny,allow\n Allow from all\n </Proxy>\n ProxyPass / http://localhost:8080/ nocanon\n ProxyPassReverse / http://localhost:8080/\n ProxyPassReverse / http://replace_url.com/\n RequestHeader set X-Forwarded-Proto \"https\"\n RequestHeader set X-Forwarded-Port \"443\"\n </VirtualHost>\n <IfModule mod_headers.c>\n Header unset Server\n </IfModule>', | ||
| encoding: 'plain', | ||
| mode: '000644', | ||
| owner: 'root', | ||
| group: 'root', | ||
| }, | ||
| }, | ||
| }, | ||
| }, | ||
| }, | ||
| }); | ||
| }); | ||
|
|
||
| test('Test configElement jenkins content to use X-Forwarded-For header on port 80', () => { | ||
| const app = new App({ | ||
| context: { | ||
| useSsl: 'false', runWithOidc: 'false', serverAccessType: 'ipv4', restrictServerAccessTo: '0.0.0.0/0', | ||
| }, | ||
| }); | ||
|
|
||
| // WHEN | ||
| const stack = new CIStack(app, 'MyTestStack', { | ||
| env: { account: 'test-account', region: 'us-east-1' }, | ||
| }); | ||
|
|
||
| // THEN | ||
| Template.fromStack(stack).hasResource('AWS::AutoScaling::AutoScalingGroup', { | ||
| /* eslint-disable max-len */ | ||
| Metadata: { | ||
| 'AWS::CloudFormation::Init': { | ||
| config: { | ||
| files: { | ||
| '/etc/httpd/conf.d/jenkins.conf': { | ||
| // eslint-disable-next-line no-useless-escape,max-len | ||
| content: 'LogFormat \"%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"\" combined\n <VirtualHost *:80>\n ServerAdmin [email protected]\n ProxyRequests Off\n ProxyPreserveHost On\n AllowEncodedSlashes NoDecode\n \n <Proxy http://127.0.0.1:8080/>\n Order deny,allow\n Allow from all\n </Proxy>\n \n ProxyPass / http://127.0.0.1:8080/ nocanon\n ProxyPassReverse / http://127.0.0.1:8080/\n </VirtualHost>', | ||
| encoding: 'plain', | ||
| mode: '000644', | ||
| owner: 'root', | ||
| group: 'root', | ||
| }, | ||
| }, | ||
| }, | ||
| }, | ||
| }, | ||
| }); | ||
| }); | ||