Enabling `FORCE_HTTPS` in Bluemix + CloudFlare (Flexible) triggers infinite redirect loop about staticfile-buildpack HOT 6 CLOSED

I think I know why disabling FORCE_HTTPS did not take effect:

Bluemix sets this in the app's environment variable, and it is persistent.

However, there's no way to remove the environment variable using manifest.yml.
Commenting the manifest.yml is treated as "no-op". And using:

env:
  FORCE_HTTPS:

is (null) not allowed.

Furthermore, it seems FORCE_HTTPS: false is effectively same as FORCE_HTTPS: true ? Update: I've confirmed this in the code https://github.com/cloudfoundry/staticfile-buildpack/blob/master/conf/nginx.conf#L49 that it only checks presence of FORCE_HTTPS, not its value.

By the way, you need to mention this in docs: http://docs.cloudfoundry.org/buildpacks/staticfile/index.html
There's no mention of FORCE_HTTPS anywhere in the docs, the only way I found it is by GitHub issue #55

from staticfile-buildpack.

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/128127631

The labels on this github issue will be updated when the story is started.

from staticfile-buildpack.

Hi @ceefour, interesting problem! We've prioritized a bug investigation/fix here: https://www.pivotaltracker.com/story/show/128127631

We've also included a task to add FORCE_HTTPS to our docs.

from staticfile-buildpack.

@ceefour after doing a more explicit read-through of your issue, we're a bit confused about the current state of your issue/app. Is the redirect problem resolved/an issue with Cloudflare?

Is the only action item here to add notes about FORCE_HTTPS and how the value you assign for that environment variable does not matter (true, false, etc.) to the Cloud Foundry docs?

As a side note, the reason that commenting out FORCE_HTTPS in the manifest does not delete that value is because the Cloud Controller has no direct connection or relation to your app manifest. Your app manifest is used by the CF CLI to know what values to set for things when the CLI talks to the CC API.

For example, if you have a manifest:

env:
  FORCE_HTTPS: true
  OTHER_VAR: 1

and you push your app, the CF CLI parses the manifest and then tells CC API that this app needs to set FORCE_HTTPS to true and OTHER_VAR to 1.

Then, if you alter your manifest to:

env:
  OTHER_VAR: 1

and repush, the CF CLI tells CC API this app needs to set OTHER_VAR to 1. The CF CLI has no state and does not know anything about the FORCE_HTTPS env var you removed from your manifest and will not give any info about it to the CC API on this push.

from staticfile-buildpack.

Yes, there were 3 issues that I wasn't aware how each of them works so
complicated the matter:

1. FORCE_HTTPS: false is still "true"
2. No way to remove setting in manifest.yml
3. CloudFlare's HTTP->HTTPS support (which results in redirect loop when
   FORCE_HTTPS is set even to "false")

For staticfile-buildpack you need to document case 1 better.

For case 2 I'd argue there's need to remove a variable from manifest.yml,
but it is CloudFoundry's spec not staticfile-buildpack. But it is a major
problem as there's currently no way to do it purely from manifest.yml ie
you have no "reproducible" build.

For case 3 it's out of scope, but CloudFlare does this convenience and I
believe others too, so I think it's good to put a warning on this on your
documentation.

On Thu, Aug 18, 2016, 23:38 James Wen [email protected] wrote:

@ceefour https://github.com/ceefour after doing a more explicit
read-through of your issue, we're a bit confused about the current state of
your issue/app. Is the redirect problem resolved/an issue with Cloudflare?

Is the only action item here to add notes about FORCE_HTTPS and how the
value you assign for that environment variable does not matter (true,
false, etc.) to the Cloud Foundry docs?

As a side note, the reason that commenting out FORCE_HTTPS in the
manifest does not delete that value is because the Cloud Controller has no
direct connection or relation to your app manifest. Your app manifest is
used by the CF CLI to know what values to set for things when the CLI talks
to the CC API.

For example, if you have a manifest:

env:
FORCE_HTTPS: true
OTHER_VAR: 1

and you push your app, the CF CLI parses the manifest and then tells CC
API that this app needs to set FORCE_HTTPS to true and OTHER_VAR to 1.

Then, if you alter your manifest to:

env:
OTHER_VAR: 1

and repush, the CF CLI tells CC API this app needs to set OTHER_VAR to 1.
The CF CLI has no state and does not know anything about the FORCE_HTTPS
env var you removed from your manifest and will not give any info about it
to the CC API on this push.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#80 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABeOya1W9BLLnq1uuHiUPkTeCc1_ezhks5qhIpxgaJpZM4Jhx6j
.

from staticfile-buildpack.

For things related to Cloud Foundry as a whole, it might be worth posting to the cf-dev mailing list: https://lists.cloudfoundry.org/archives/list/[email protected]/

It's a good place for overarching discussions, questions, and proposals about Cloud Foundry, which is where something like the concern about environment variables and manifest.yml would go.

Thanks for the feedback on the docs additions. We'll update the docs accordingly.

from staticfile-buildpack.