From b05884b8bf01c720672bd6d48a1d93689186aa52 Mon Sep 17 00:00:00 2001
From: Jaime Martinez <jmartinez@gitlab.com>
Date: Mon, 17 Feb 2020 11:33:15 +1100
Subject: [PATCH] DO NOT MERGE: Traefik reverse-proxy test for ProxyHeaders

Related to #219
---
 internal/request/request.go   |  1 +
 test/proxy/Dockerfile         |  7 ++++++
 test/proxy/docker-compose.yml | 41 +++++++++++++++++++++++++++++++++++
 test/proxy/traefik.yml        | 14 ++++++++++++
 4 files changed, 63 insertions(+)
 create mode 100644 test/proxy/Dockerfile
 create mode 100644 test/proxy/docker-compose.yml
 create mode 100644 test/proxy/traefik.yml

diff --git a/internal/request/request.go b/internal/request/request.go
index ba56f45b8..2ef138fa6 100644
--- a/internal/request/request.go
+++ b/internal/request/request.go
@@ -37,6 +37,7 @@ func WithHTTPSFlag(r *http.Request, https bool) *http.Request {
 func IsHTTPS(r *http.Request) bool {
 	https := r.Context().Value(ctxHTTPSKey).(bool)
 
+	log.Infof("request.IsHTTPS... scheme: '%s' ctxHTTPSKey: '%t'", r.URL.Scheme, https)
 	if https != (r.URL.Scheme == SchemeHTTPS) {
 		log.WithFields(log.Fields{
 			"ctxHTTPSKey": https,
diff --git a/test/proxy/Dockerfile b/test/proxy/Dockerfile
new file mode 100644
index 000000000..c0f6e34f1
--- /dev/null
+++ b/test/proxy/Dockerfile
@@ -0,0 +1,7 @@
+FROM golang:1.13.7
+
+WORKDIR app
+EXPOSE 3010
+COPY . /go/app/
+
+RUN make gitlab-pages
diff --git a/test/proxy/docker-compose.yml b/test/proxy/docker-compose.yml
new file mode 100644
index 000000000..806cb5ba3
--- /dev/null
+++ b/test/proxy/docker-compose.yml
@@ -0,0 +1,41 @@
+version: '3'
+
+services:
+  reverse-proxy:
+    # The official v2.0 Traefik docker image
+    image: traefik:v2.1.4
+    # Enables the web UI and tells Traefik to listen to docker
+#    command: --providers.docker # --api.insecure=true
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+#      - "3010:3010"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./traefik.yml:/traefik.yml
+  pages:
+    build:
+      context: ../..
+      dockerfile: test/proxy/Dockerfile
+    volumes:
+      - /Users/jaime/dev/gitlab/ee/gitlab/shared/pages:/go/app/shared/pages
+    ports:
+      - "3010"
+    command: ./gitlab-pages -daemon-inplace-chroot -listen-proxy :3010 -artifacts-server http://10.8.244.99:3000/api/v4 -pages-root /go/app/shared/pages -pages-domain docker.localhost -log-verbose
+    depends_on:
+      - reverse-proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.pages.rule=Host(`root.docker.localhost`)"
+      - "traefik.http.routers.pages.entrypoints=web"
+      - "traefik.http.routers.pages.service=pages"
+      - "traefik.http.services.pages.loadbalancer.passhostheader=false"
+      - "traefik.http.routers.pages-secure.rule=Host(`root.docker.localhost`)"
+      - "traefik.http.routers.pages-secure.entrypoints=websecure"
+      - "traefik.http.routers.pages-secure.tls=true"
+      - "traefik.http.routers.pages-secure.service=pages-secure"
+      - "traefik.http.services.pages-secure.loadbalancer.passhostheader=false"
diff --git a/test/proxy/traefik.yml b/test/proxy/traefik.yml
new file mode 100644
index 000000000..872d231b6
--- /dev/null
+++ b/test/proxy/traefik.yml
@@ -0,0 +1,14 @@
+entryPoints:
+  web:
+    address: ":80"
+
+  websecure:
+    address: ":443"
+
+api:
+  dashboard: true
+  insecure: true
+accessLog: {}
+
+providers:
+  docker: {}
-- 
GitLab