Add an option to overwrite foreman_url value for reverse proxy use
Old title : Foreman UI passes wrong urls to backend config files
I have foreman running on a private subnet. I forward a port from hostbox to foreman-box so that I can access the foreman UI from a browser. While I access foreman at http://hostbox:5000/, it's actually running on http://foreman-box:3000/.
The problem shows up when I do "Build PXE Default".
[root@jweiss-foreman-1 tftpboot]# more pxelinux.cfg/default
MENU TITLE PXE Menu
MENU LABEL (local)
LABEL Kickstart Default - hg1
append initrd=boot/JeffLinux-1.0-x86_64-initrd.img ks=http://hostbox:5000/unattended/template/Kickstart%20Default/hg1 ksdevice=bootif network kssendmac
notice the use of "hostbox" in the ks attribute. Hosts on the private subnet should not be connecting to foreman that way. Foreman not be taking the HTTP headers from one user's browser session and using that as foreman's official address in PXE configs.
This is foreman-0.1.7-rc5.1.noarch rpm
#1 Updated by Ohad Levy almost 9 years ago
imho there are 3 ways to handle this problem:
1. hard code the value that you want in the template
2. have a configurable setting for where foreman host can be found (required to generate the ks file).
3. use the browser defaults if the 2 above do not exists.
at the moment, 2 does not exists, but 1 and 2 are almost the same, so I didnt implement it.
what do you think?
#3 Updated by Benjamin Papillon over 7 years ago
- Tracker changed from Bug to Feature
- Subject changed from Foreman UI passes wrong urls to backend config files to Add an option to overwrite foreman_url value for reverse proxy use
- Category set to Unattended installations
- Status changed from Feedback to New
I change this ticket to feature request. The issue is not a bug it is a consequence of using a reverse proxy with a change of URL.
The solution for foreman is to possess an option to overwrite the foreman_url parameter with the hostname visible from clients.
As suggested by Ohad, the workaround is to hardcode your own parameter at the moment.
#5 Updated by Martijn van Oosterhout almost 7 years ago
I'm not the original submitter but am also interested in running behind a reverse proxy. I'm currently running 1.1-stable and it sorta works, but not really. The foreman_url parameter exists and it is sometimes used.
What I would like to have is: foreman_url=https://revproxy.company.com/foreman/
I have no experience with Ruby, but in Django you fix this in two steps. One being that you can configure a URL for static resources, which deals with images/JS/CSS. The other being that you can specify a prefix for all URLs, essentially fixing the link_to() method. Or have an option that, if it is set, adds a path to the front of the url path routing. Although this requires a slightly different reverse proxy setup.
I can't say whether the original problem is solved though.