I am failing to reverse-proxy through an external Apache 2.4 server to a ReviewBoard service (2.6.5.1).
The external server is (let's say) external.example.com. Its Apache config includes: ProxyPass /reviews http://backend.example.com/reviews <Location /reviews> ProxyPassReverse http://backend.example.com/reviews ProxyPassReverseCookieDomain backend.example.com external.example.com RequestHeader unset Accept-Encoding <%= @httpd_auth_thing %> </Location> where the @httpd_auth_thing turns into a standard Apache Basic authentication thing. The backend server (also Apache 2.4) includes standard ReviewBoard runes, i.e. WSGIPassAuthorization On WSGIScriptAlias "/reviews" "<%= @reviewboard_home -%>/htdocs/reviewboard.wsgi/reviews" <Directory "<%= @reviewboard_home -%>/htdocs"> AllowOverride All Options -Indexes +FollowSymLinks # #partain: our addition: AuthName <%= @httpd_auth_name %> AuthUserFile <%= @httpd_auth_user_file %> AuthType Basic <RequireAny> Require valid-user Require local </RequireAny> </Directory> (Puppet fills in the template with obvious things.) I then make admin and user "accounts" through the admin interface. All good. If you use a browser to connect *directly* to backend.example.com/reviews/ (just for testing...), all the ReviewBoard stuff works. If you connect (properly) through external.example.com/reviews/, a fair few things work, e.g. all the admin functions. But if you start doing review things (i.e. tickle the "Web API" ?), things don't go well. One example might be: click to add a comment on a review -- it will take the comment, but never bring up a 'Publish'/'Discard' button, and the comment will in fact not be there. A worry I have: the external.example.com Apache requires Basic authentication. Its username/passwords have nothing to do with ReviewBoard. So... I login to ReviewBoard (apparently OK). But, in subsequent requests, an "Authorization: Basic ...." header (with the *external.example.com* info) is being passed back to backend.example.com, and that *may* be confusing things. For example, I'm logged in as 'admin', looking at a review... I then click on 'Admin' (to go do admin). It asks me to login again -- why? because it thinks I'm 'partain' (because it got that from the [bogus] Basic authentication?). When I changed the ReviewBoard username/password to match the external.example.com HTTP username/password (so that the 'Authorization' info would happen to be correct), that did not appear to help. Is this analysis even partly right? What should I look at next? Does *anyone* have a working reverse-proxied ReviewBoard with Apache? Thanks, Will -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
