From 1d620f3936cbef1b1cf2b284c7d0d7456c8df7cc Mon Sep 17 00:00:00 2001 From: Xuehan Xu Date: Wed, 7 May 2025 12:37:52 +0800 Subject: [PATCH] rgw/rgw_rest: determine the domain uri prefix by rgw_transport_is_secure Instead of relying only on SERVER_PORT_SECURE. This is useful when a proxy is used in front of the rgw for ssl terminations. Fixes: https://tracker.ceph.com/issues/71229 Signed-off-by: Xuehan Xu (cherry picked from commit 12154f287eb86c4dd48d7b6f02c725e858ff99ab) --- src/rgw/rgw_rest.h | 3 +-- src/rgw/rgw_rest_s3.cc | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/rgw/rgw_rest.h b/src/rgw/rgw_rest.h index a302257e428bc..098cb3a3dc47d 100644 --- a/src/rgw/rgw_rest.h +++ b/src/rgw/rgw_rest.h @@ -888,8 +888,7 @@ inline std::string compute_domain_uri(const req_state *s) { std::string uri = (!s->info.domain.empty()) ? s->info.domain : [&s]() -> std::string { RGWEnv const &env(*(s->info.env)); - std::string uri = - env.get("SERVER_PORT_SECURE") ? "https://" : "http://"; + std::string uri = rgw_transport_is_secure(s->cct, env) ? "https://" : "http://"; if (env.exists("SERVER_NAME")) { uri.append(env.get("SERVER_NAME", "")); } else { diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 232e43b8c2924..11f85751b47a9 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -5914,7 +5914,7 @@ int RGWHandler_REST_S3Website::retarget(RGWOp* op, RGWOp** new_op, optional_yiel if (should_redirect) { const string& hostname = s->info.env->get("HTTP_HOST", ""); const string& protocol = - (s->info.env->get("SERVER_PORT_SECURE") ? "https" : "http"); + (rgw_transport_is_secure(s->cct, *s->info.env) ? "https" : "http"); int redirect_code = 0; rrule.apply_rule(protocol, hostname, key_name, &s->redirect, &redirect_code); @@ -6045,7 +6045,7 @@ int RGWHandler_REST_S3Website::error_handler(int err_no, if (should_redirect) { const string& hostname = s->info.env->get("HTTP_HOST", ""); const string& protocol = - (s->info.env->get("SERVER_PORT_SECURE") ? "https" : "http"); + (rgw_transport_is_secure(s->cct, *s->info.env) ? "https" : "http"); int redirect_code = 0; rrule.apply_rule(protocol, hostname, original_object_name, &s->redirect, &redirect_code); -- 2.39.5