| commit | 56e75e4aef3ea42d13b192e805c48357b0071239 | [log] [tgz] |
|---|---|---|
| author | Jens Harbott <frickler@offenerstapel.de> | Tue Sep 28 20:02:34 2021 +0200 |
| committer | Jens Harbott <frickler@offenerstapel.de> | Tue Sep 28 20:05:08 2021 +0200 |
| tree | 1ada55bdf53f1c3ae5ec93a0ea34805a17f20ae3 | |
| parent | 8d1bfcacf8ffc73f0aa8c8a8a9e0fee447a1c116 [diff] |
Fix uwsgi config for trailing slashes The apache mod_proxy documentation[0] says that trailing slashes need to match for the ProxyPass statement. Since adding a slash to the redirected url would break things that need to access endpoints like /identity without anything added, we need to drop the trailing slash for the target URL. See [1] for the discussion of the CVE fix that changed the previous behavior. [0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass [1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274 Depends-On: https://review.opendev.org/c/openstack/devstack/+/811389 Change-Id: Ia6b1a41957833fba87a2e6f048d2483267632385
diff --git a/lib/apache b/lib/apache index 04259ba..4bea07d 100644 --- a/lib/apache +++ b/lib/apache
@@ -303,7 +303,7 @@ apache_conf=$(apache_site_config_for $name) iniset "$file" uwsgi socket "$socket" iniset "$file" uwsgi chmod-socket 666 - echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf + echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}\" retry=0 " | sudo tee -a $apache_conf enable_apache_site $name restart_apache_server fi