Merge pull request #561 from Swirrl/sl/api-downgraded-http-456

Fix: API redirects downgraded from HTTPS to HTTP in prod

drafter/src/drafter/handler.clj

@@ -54,7 +54,10 @@
                      (add-routes (denv/env-specific-routes backend))
                      (add-route app-routes))
 
-                 :ring-defaults (assoc-in api-defaults [:params :multipart] true)
+                 :ring-defaults (-> (assoc-in api-defaults [:params :multipart] true)
+                                    ;; Enables wrap-forwarded-scheme middleware. Essential in prod
+                                    ;; env when scheme needs to be passed through from load balancer
+                                    (assoc :proxy true))
                  ;; add custom middleware here
                  :middleware [#(wrap-resource % "swagger-ui")
                               wrap-verbs

package/nginx/drafter-api.template

@@ -4,6 +4,17 @@ server {
   rewrite  ^ https://$server_name$request_uri? permanent;
 }
 
+# Sets a $real_scheme variable whose value is the scheme passed by the load
+# balancer in X-Forwarded-Proto (if any), defaulting to $scheme.
+#
+# Similar to how the HttpRealIp module treats X-Forwarded-For.
+# This ensures that we make ring redirects in production work properly.
+# See https://github.com/Swirrl/drafter/pull/561
+map $http_x_forwarded_proto $real_scheme {
+  default $http_x_forwarded_proto;
+  ''      $scheme;
+}
+
 server {
     # listen includes keepalive for the listening socket
     listen 443 so_keepalive=30m:10:10;
@@ -22,7 +33,7 @@ server {
       proxy_set_header            Host $host;
       proxy_set_header            X-Real-IP $remote_addr;
       proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header            X-Forwarded-Proto $scheme;
+      proxy_set_header            X-Forwarded-Proto $real_scheme;
    }
 
    ## Note you can comment out the above and replace with this if you dont want full api access