From e70e6b84c245188a5237659f1929e3214e021f4e Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Feb 2022 12:48:17 +0100
Subject: [PATCH] internal: trace headers and url for backend requests

Signed-off-by: Jens Langhammer
---
 internal/web/proxy.go | 4 +++-
 internal/web/tls.go | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/web/proxy.go b/internal/web/proxy.go
index 269a1ebbc..1428f28e5 100644
--- a/internal/web/proxy.go
+++ b/internal/web/proxy.go
@@ -18,6 +18,7 @@ func (ws *WebServer) configureProxy() {
 director := func(req *http.Request) {
 req.URL.Scheme = u.Scheme
 req.URL.Host = u.Host
+ req.Host = u.Host
 if _, ok := req.Header["User-Agent"]; !ok {
 // explicitly disable User-Agent so it's not set to default value
 req.Header.Set("User-Agent", "")
@@ -25,6 +26,7 @@ func (ws *WebServer) configureProxy() {
 if req.TLS != nil {
 req.Header.Set("X-Forwarded-Proto", "https")
 }
+ ws.log.WithField("url", req.URL.String()).WithField("headers", req.Header).Trace("tracing request to backend")
 }
 rp := &httputil.ReverseProxy{Director: director}
 rp.ErrorHandler = ws.proxyErrorHandler
@@ -66,7 +68,7 @@ func (ws *WebServer) configureProxy() {
 }

 func (ws *WebServer) proxyErrorHandler(rw http.ResponseWriter, req *http.Request, err error) {
- ws.log.Warning(err.Error())
+ ws.log.WithError(err).Warning("failed to proxy to backend")
 rw.WriteHeader(http.StatusBadGateway)
 em := fmt.Sprintf("failed to connect to authentik backend: %v", err)
 if !ws.p.IsRunning() {
diff --git a/internal/web/tls.go b/internal/web/tls.go
index 6a1eb3785..18dce9d1b 100644
--- a/internal/web/tls.go
+++ b/internal/web/tls.go
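Review bot: Overwriting the request host with `req.Host = u.Host` in the director discards the host name the client asked for, and nothing visible in this hunk forwards it to the backend. If the backend derives absolute URLs or allowed-host and origin checks from the Host header, it will now see only the backend address. Saving the original first, e.g. `req.Header.Set("X-Forwarded-Host", req.Host)` before the assignment, keeps that information, provided the backend trusts the header only when it comes from this proxy. The commit subject does not mention this change, so a short comment such as `// present the backend's own host name upstream` would help; the director closure continues past this hunk.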
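Review bot: The added trace line logs `req.Header` in full, so `Cookie`, `Authorization` and similar credential headers of every proxied request are written to the log whenever trace level is enabled, and log storage is usually less protected than the session store. Log a redacted copy instead, as sketched below. `req.URL.String()` also includes the query string, which may carry codes or tokens, so `req.URL.Path` may be the safer field to record. The director closure starts before this hunk and configureProxy continues after it.

```go
// … unchanged: scheme/host rewrite, User-Agent and X-Forwarded-Proto handling …
headers := req.Header.Clone()
for _, name := range []string{"Authorization", "Proxy-Authorization", "Cookie"} {
	if _, ok := headers[name]; ok {
		headers.Set(name, "[redacted]")
	}
}
ws.log.WithField("url", req.URL.String()).WithField("headers", headers).Trace("tracing request to backend")
```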
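Review bot: The context line `em := fmt.Sprintf("failed to connect to authentik backend: %v", err)` still embeds the raw proxy error in `em`. If `em` is written to the response (the rest of proxyErrorHandler is outside this hunk), dial errors would expose the backend address and port to unauthenticated clients. Now that `WithError(err)` records the detail in the log, the client-facing text can be a fixed string, for example `em := "failed to connect to authentik backend"`.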
@@ -16,6 +16,9 @@ func (ws *WebServer) GetCertificate() func(ch *tls.ClientHelloInfo) (*tls.Certif
 ws.log.WithError(err).Error("failed to generate default cert")
 }
 return func(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ if ch.ServerName == "" {
+ return &cert, nil
+ }
 if ws.ProxyServer != nil {
 appCert := ws.ProxyServer.GetCertificate(ch.ServerName)
 if appCert != nil {
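Review bot: The new early return hands out `&cert` with a nil error even when default-certificate generation failed, because the context line above only logs `failed to generate default cert` and carries on. In that case a client that sends no SNI would presumably get an opaque handshake failure instead of a clear error. Assuming `cert` is a `tls.Certificate` value, a guard such as `if len(cert.Certificate) == 0 { return nil, errors.New("no default certificate available") }` ahead of `return &cert, nil` makes the failure explicit (it needs `errors` in scope). A comment like `// no SNI (e.g. client connected by IP address): serve the default certificate` would also explain the branch; the closure and GetCertificate both continue outside this hunk.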