Package: prayer
Version: 1.3.5-dfsg1-4
Severity: wishlist
Tags: patch
When running prayer behind a reverse-proxy, it's useful to override
prayer's internally generated guess as to its outward-facing URL. For
example, maybe the proxy terminates TLS, so prayer looks externally as
if it's behind an `https://...' URL, but it sees only plain HTTP.
Here's a patch which adds a new `url_prefix' option for this purpose.
diff --git a/man/prayer.cf.5 b/man/prayer.cf.5
index c559dd3..79c6889 100644
--- a/man/prayer.cf.5
+++ b/man/prayer.cf.5
@@ -344,6 +344,13 @@ Search timeout.
.
.Bl -tag -width Ds
.
+.It Cd url_prefix
+Prayer will generate HTML output under the assumption that
+this is the outward-facing URL of its top-level page,
+rather than attempting to guess.
+Useful if Prayer is running behind a reverse proxy
+or similar.
+.
.It Cd use_http_port , use_https_port
Define a single HTTP[S] port to bind to. You can define an arbitary list
of ports of both kinds by using a series of separate
diff --git a/servers/prayer.c b/servers/prayer.c
index 52e0695..6dfbd37 100644
--- a/servers/prayer.c
+++ b/servers/prayer.c
@@ -69,6 +69,9 @@ char *prayer_url_prefix(struct prayer *prayer, struct pool
*tpool)
{
struct config *config = prayer->config;
+ if (config->url_prefix)
+ return (pool_strdup(tpool, config->url_prefix));
+
if (prayer->use_ssl) {
if (prayer->port == 443)
return (pool_printf(tpool, "https://%s";, config->hostname));
diff --git a/session/session.c b/session/session.c
index c6f9d45..7500687 100644
--- a/session/session.c
+++ b/session/session.c
@@ -529,7 +529,9 @@ void session_setup_urls(struct session *session)
/* Time to define some URLs for this session */
/* Base URL: route back to the login screen */
- if (session->use_ssl) {
+ if (config->url_prefix)
+ session->url_prefix = pool_strdup(p, config->url_prefix);
+ else if (session->use_ssl) {
if (session->frontend_port == 443)
session->url_prefix =
pool_printf(p, "https://%s";, config->hostname);
@@ -553,7 +555,11 @@ void session_setup_urls(struct session *session)
quoted_user = string_url_encode(p, session->username);
/* url_prefix_asession: root for session URLs */
- if (session->use_ssl) {
+ if (config->url_prefix) {
+ session->url_prefix_asession
+ = pool_printf(p, "%s/session/%s:%lu",
+ config->url_prefix, quoted_user, pid);
+ } else if (session->use_ssl) {
if (session->session_port == 443)
session->url_prefix_asession
= pool_printf(p, "https://%s/session/%s:%lu";,
diff --git a/shared/config.c b/shared/config.c
index 479a3d0..4329acf 100644
--- a/shared/config.c
+++ b/shared/config.c
@@ -181,6 +181,7 @@ struct config *config_create(void)
config->hostname = NIL;
config->hostname_service = NIL;
config->hostname_canonical = NIL;
+ config->url_prefix = NIL;
config->referer_log_invalid = T;
config->referer_block_invalid = NIL;
config->fix_client_ipaddr = NIL;
@@ -724,6 +725,8 @@ static struct {
, {
"tmp_dir", config_path, OFFSET(tmp_dir)}
, {
+ "url_prefix", config_string, OFFSET(url_prefix)}
+ , {
"use_agg_unmark", config_bool, OFFSET(use_agg_unmark)}
, {
"use_cookie", config_bool, OFFSET(use_cookie)}
diff --git a/shared/config.h b/shared/config.h
index 6ac09a1..20d3977 100644
--- a/shared/config.h
+++ b/shared/config.h
@@ -105,6 +105,7 @@ struct config {
char *hostname_canonical; /* Overrides gethostbyname */
char *hostname; /* Overrides gethostbyname */
char *hostname_service; /* Login screen, overrides hostname */
+ char *url_prefix; /* URL prefix, overrides hostname, port */
BOOL referer_block_invalid;/* Block logins from unknown referers */
BOOL referer_log_invalid; /* Log invalid referrer headers */
BOOL fix_client_ipaddr; /* Client must login from single addr */
-- System Information:
Debian Release: 9.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-3-686-pae (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
