zevenet can not pass request.scheme correctly

[gennpix]

Hello,

zlb can not pass request.scheme(https) to our http backend, could you please help me to resolve it?

Our System Information
Zevenet Version: 5.11.2
Appliance Version: ZCE 6
Kernel Version: 4.19.0-6-amd64
Hostname: zlb1
System Date: Tue Dec 29 16:55:24 2020
zproxy 0.2.4-5.11.2

cfg file as below:

######################################################################
##GLOBAL OPTIONS
User		"root"
Group		"root"
Name		prod-https
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
#ExtendedHTTP	0
## Logging: (goes to syslog by default)
##	0	no logging
##	1	normal
##	2	extended
##	3	Apache-style (common log format)
#LogFacility	local5
LogLevel 	5
## check timeouts:
Timeout		45
ConnTO		20
Alive		10
Client		30
ThreadModel	dynamic
Control 	"/tmp/prod-https_proxy.socket"
DHParams 	"/usr/local/zevenet/app/zproxy/etc/dh2048.pem"
ECDHCurve 	"prime256v1"


#HTTP(S) LISTENERS
ListenHTTPS
	Err414 "/usr/local/zevenet/config/prod-https_Err414.html"
	Err500 "/usr/local/zevenet/config/prod-https_Err500.html"
	Err501 "/usr/local/zevenet/config/prod-https_Err501.html"
	Err503 "/usr/local/zevenet/config/prod-https_Err503.html"
	Address 192.168.2.119
	Port 443
	xHTTP 1
	RewriteLocation 1

	Cert "/usr/local/zevenet/config/certificates/domain.pem"
	Ciphers "ALL"
	Disable SSLv3
	Disable SSLv2
	SSLHonorCipherOrder 1
	#ZWACL-INI

	Service "api"
		##False##HTTPS-backend##
		#DynScale 1
		#BackendCookie "ZENSESSIONID" "domainname.com" "/" 0
		HeadRequire "Host: api.domain.com"
		#Url ""
		#Redirect ""
		StrictTransportSecurity 21600000
		Session
			Type IP
			TTL 120
#			#ID "sessionname"
		End
		#BackEnd

		BackEnd
			Address 192.168.11.249
			Port 8000
			TimeOut 30
			Weight 1
		End
		#End
	End
	#ZWACL-END


	#Service "prod-https"
		##False##HTTPS-backend##
		#DynScale 1
		#BackendCookie "ZENSESSIONID" "domainname.com" "/" 0
		#HeadRequire "Host: "
		#Url ""
		#Redirect ""
		#StrictTransportSecurity 21600000
		#Session
			#Type nothing
			#TTL 120
			#ID "sessionname"
		#End
		#BackEnd

		#End
	#End


End

request url is: https://api.domain.com/, but backend get http scheme (we expect https). If we use nginx as reverse proxy, backend get request scheme is https.

Thank you

[Nctllnty]

oh,i have the same question!

[emiliocampos-zevenet]

Hi guys, could you share the request and the response? You can use curl -v for that purpose. Thanks! El mar, 29 dic 2020 a las 10:13, Nctllnty (<[email protected]>) escribió:

…

oh,i have the same question! — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#94 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AFBQEPFY2T73YIXPN22VR3TSXGMVBANCNFSM4VM7O75A> .

-- Emilio CamposZEVENET Teamwww.zevenet.com <https://www.linkedin.com/company/zevenet> <https://twitter.com/zevenet> <https://www.facebook.com/zevenet> <https://github.com/zevenet> [image: ZEVENET] <https://www.zevenet.com/signature/> DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee please notify the sender immediately by email if you have received it by mistake and delete it from your system, you should not disseminate, distribute or copy this email in whole or in part.

[gennpix]

cur request and response as below:

[emiliocampos-zevenet]

thanks we will investigate further El mié, 30 dic 2020 a las 2:53, maxwow (<[email protected]>) escribió:

…

cur request and response as below: [image: debug] <https://user-images.githubusercontent.com/15207081/103325016-bfdcf700-4a84-11eb-8243-bb1a29b189ba.png> — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#94 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AFBQEPHPOHQSMC72HXDQHW3SXKBYFANCNFSM4VM7O75A> .

-- Emilio CamposZEVENET Teamwww.zevenet.com <https://www.linkedin.com/company/zevenet> <https://twitter.com/zevenet> <https://www.facebook.com/zevenet> <https://github.com/zevenet> [image: ZEVENET] <https://www.zevenet.com/signature/> DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee please notify the sender immediately by email if you have received it by mistake and delete it from your system, you should not disseminate, distribute or copy this email in whole or in part.

[abdessamad-zevenet]

Hi,
The sheme is not part of the HTTP request, it is known just by checking if the connection is using SSL or not. In this case, based on the above cfg file, you have configured a non HTTPS backend, so between the proxy and your backend they talk plain HTTP. if you want HTTPS you need to configure the backend port 8000 to use SSL and enable for the backend the HTTPS option in ZEVENET webGUI, which will add the flag HTTPS to the backend section in the configuration file.