
Running manas behind TLS terminated reverse proxy leads to wrongly reconstructed scheme of target uri #61

@hexagon6

Dear @damooo

Error

Running manas gives me the following info and then error:

manas_http::service::impl_::reconstruct_target_uri: Reconstructed target uri: Proven<IsAbsolute>(HttpUri(http://example.com/databrowser.html))
    at crates/manas_http/src/service/impl_/reconstruct_target_uri.rs:164

leading to

manas_podverse::podset::service::impl_::basic: No provisioned pod resolved for request target. Error:
  - Target not in namespace.

what I would expect:

Configured root_uri matches reconstructed target uri scheme of a request.

Using binary: manas_server_single_fs_wac
Request to: https://example.com/databrowser.html -> should be able to access the databrowser.

what happens:

Browser can't connect to https://example.com/databrowser.html.

background:

I am trying to run manas behind a TLS-terminated reverse proxy.

  • Manas uses no tls configuration
  • the reverse proxy does use tls and connects in the backend via http:// to a local private IP.

log

Full log output of request to https://example.com/databrowser.html:

  2024-05-03T14:31:18.986648Z  INFO manas_http::service::impl_::reconstruct_target_uri: Reconstructed target uri: Proven<IsAbsolute>(HttpUri(http://example.com/databrowser.html))
    at crates/manas_http/src/service/impl_/reconstruct_target_uri.rs:164

  2024-05-03T14:31:18.990116Z ERROR manas_podverse::podset::service::impl_::basic: No provisioned pod resolved for request target. Error:
  - Target not in namespace.
    at crates/manas_podverse/src/podset/service/impl_/basic.rs:87
    in manas_podverse::podset::service::impl_::basic::BasicPodSetService::call
    in manas_authentication::challenge_response_framework::service::HttpCRAuthenticationService::call

configuration

My example.com config.toml:

# Should dev mode be enabled.
dev_mode = true

# Storage space config.
[storage.space]
# Uri of the storage root.
root_uri = "https://example.com/"

# Id of the storage owner.
owner_id = "https://any.owner/profile/card#me"

# Repo config.
[storage.repo]
# Whether to enable databrowser frontend.
databrowser_enabled = true

# Repo's file backend config.
[storage.repo.backend]
# Root directory.
root = "/srv/manas"

# Server configuration.
[server]
# Address at which server should listen.
addr = "0.0.0.0:3000"

Note: no [server.tls] is in the config.toml

Debugging help

Would it help if I recorded the http headers between reverse proxy and manas?
Assuming X-Forwarded-For or similar would need to be known maybe?
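
The scheme mismatch reported above, as an added example that is not part of the original issue and is not manas code: a plain-HTTP backend rebuilds the target URI as http://, and only a scheme forwarded by a trusted proxy makes it match root_uri. The X-Forwarded-Proto handling, the trusted-proxy list, the function names and the sample addresses are assumptions; the issue does not say whether manas reads such a header.

```rust
use std::net::IpAddr;

// Scheme the client used, as far as a plain-HTTP backend can tell.
// `peer` is the TCP peer of the backend connection, `xfp` the X-Forwarded-Proto
// value if present, `trusted` the proxy addresses allowed to assert it.
fn effective_scheme(peer: IpAddr, xfp: Option<&str>, trusted: &[IpAddr]) -> &'static str {
    // From any other peer the header is client-controlled input: ignore it.
    if !trusted.contains(&peer) {
        return "http";
    }
    // Accept exactly one known value; a list or anything else falls back.
    match xfp.map(|v| v.trim().to_ascii_lowercase()).as_deref() {
        Some("https") => "https",
        _ => "http",
    }
}

// Rebuild the absolute target URI from the scheme, Host header and request path.
fn target_uri(peer: IpAddr, xfp: Option<&str>, trusted: &[IpAddr], host: &str, path: &str) -> String {
    format!("{}://{}{}", effective_scheme(peer, xfp, trusted), host, path)
}

// Simplified namespace check: the target must start with the configured root_uri.
fn in_namespace(target: &str, root_uri: &str) -> bool {
    target.starts_with(root_uri)
}

fn main() {
    let root_uri = "https://example.com/"; // root_uri from the config.toml above
    let proxy: IpAddr = "10.0.0.2".parse().unwrap(); // constructed proxy address
    let stranger: IpAddr = "203.0.113.9".parse().unwrap(); // constructed untrusted peer
    let trusted = [proxy];
    let cases = [
        ("proxy, no header", proxy, None),
        ("proxy, XFP https", proxy, Some("https")),
        ("untrusted peer, XFP https", stranger, Some("https")),
    ];
    for (label, peer, xfp) in cases {
        let uri = target_uri(peer, xfp, &trusted, "example.com", "/databrowser.html");
        println!("{}: {} in_namespace={}", label, uri, in_namespace(&uri, root_uri));
    }
}
```

The first case reproduces the "Target not in namespace" condition from the log; the third shows why the header is honoured only when the connection comes from the configured proxy.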
