Project

General

Profile

Feature #717

Add an option to overwrite foreman_url value for reverse proxy use

Added by Jeff Weiss over 8 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Unattended installations
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Old title : Foreman UI passes wrong urls to backend config files

I have foreman running on a private subnet. I forward a port from hostbox to foreman-box so that I can access the foreman UI from a browser. While I access foreman at http://hostbox:5000/, it's actually running on http://foreman-box:3000/.

The problem shows up when I do "Build PXE Default".

[root@jweiss-foreman-1 tftpboot]# more pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE PXE Menu
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT 0

LABEL Kickstart Default - hg1
kernel boot/JeffLinux-1.0-x86_64-vmlinuz
append initrd=boot/JeffLinux-1.0-x86_64-initrd.img ks=http://hostbox:5000/unattended/template/Kickstart%20Default/hg1 ksdevice=bootif network kssendmac

-----------
notice the use of "hostbox" in the ks attribute. Hosts on the private subnet should not be connecting to foreman that way. Foreman not be taking the HTTP headers from one user's browser session and using that as foreman's official address in PXE configs.

This is foreman-0.1.7-rc5.1.noarch rpm


Related issues

Related to Foreman - Bug #3569: Port in use by the browser is used in rendering the templatesClosed2013-11-04

History

#1 Updated by Ohad Levy over 8 years ago

imho there are 3 ways to handle this problem:

1. hard code the value that you want in the template
2. have a configurable setting for where foreman host can be found (required to generate the ks file).
3. use the browser defaults if the 2 above do not exists.

at the moment, 2 does not exists, but 1 and 2 are almost the same, so I didnt implement it.

what do you think?

#2 Updated by Ohad Levy over 8 years ago

  • Status changed from New to Feedback

#3 Updated by Benjamin Papillon about 7 years ago

  • Tracker changed from Bug to Feature
  • Subject changed from Foreman UI passes wrong urls to backend config files to Add an option to overwrite foreman_url value for reverse proxy use
  • Category set to Unattended installations
  • Status changed from Feedback to New

I change this ticket to feature request. The issue is not a bug it is a consequence of using a reverse proxy with a change of URL.
The solution for foreman is to possess an option to overwrite the foreman_url parameter with the hostname visible from clients.

As suggested by Ohad, the workaround is to hardcode your own parameter at the moment.

#4 Updated by Benjamin Papillon almost 7 years ago

  • Status changed from New to Feedback

A new setting has been added : Settings[:foreman_url]
Can you test a recent snapshot and confirm this solves your problem?

Benjamin

#5 Updated by Martijn van Oosterhout over 6 years ago

I'm not the original submitter but am also interested in running behind a reverse proxy. I'm currently running 1.1-stable and it sorta works, but not really. The foreman_url parameter exists and it is sometimes used.

What I would like to have is: foreman_url=https://revproxy.company.com/foreman/

What breaks is that all references to CSS and Javascript use links like /javascript, when they should become /foreman/javascript.

I have no experience with Ruby, but in Django you fix this in two steps. One being that you can configure a URL for static resources, which deals with images/JS/CSS. The other being that you can specify a prefix for all URLs, essentially fixing the link_to() method. Or have an option that, if it is set, adds a path to the front of the url path routing. Although this requires a slightly different reverse proxy setup.

I can't say whether the original problem is solved though.

#6 Updated by Benjamin Papillon over 6 years ago

  • Status changed from Feedback to New

#7 Updated by Dominic Cleal almost 6 years ago

  • Description updated (diff)
  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Original problem has also been resolved via #3569 which adds an unattended_url setting (for templates) to complement foreman_url (for web access).

#8 Updated by Dominic Cleal almost 6 years ago

  • Related to Bug #3569: Port in use by the browser is used in rendering the templates added

Also available in: Atom PDF