Several of us recommend the reverse proxy for WE, including Travis (Xojo inc). It’s very simple, very effective, without limitation. it works perfectly with almost all modern web servers, even on Windows.
But in some cases (SSL with third-party libraries: Google maps …), it is necessary that Xojo handle a “X-Forwarded-Proto: https” header, so that communication works perfectly. And this is not the case: the browser displays alerts, the page does not appear, etc.
I just realized that the IP address (session.remoteAddress) must also be false (I have not tested) because the reverse proxy provides its own IP and protocol to Xojo app. This is why web servers (Apache, Microsoft IIS, nginx, lighttpd, abyss webserver …) and load balancers (Elastic Load Balancing, GeekISP, Rackspace …) provide two headers to Xojo app:
Olivier - this is a good request, I will give it a vote.
Also, you can use something like this to get the IP if you know the name of the header your proxy adds. Below is what I use with Haproxy + standalone and it works great.
[code]Function RemoteAddressFinal(Extends sess as WebSession) As String
//X-Forwarded-For seems to be a coma seperated list of addresses adding one remote address on each proxy pass. the first should be the client but that may be a private ip
//X-Real-IP seems to be less commonly used but contain only the remote address of the last proxy pass
Dim result as String
result = sess.Header(“X-Real-IP”)
if result <> “” then return result
result = sess.Header(“X-Forwarded-For”).NthField(", ", 1)
if result <> “” then return result
return sess.RemoteAddress
End Function
[/code]
and
[code]Function SecureFinal(Extends sess as WebSession) As Boolean
//somehow there is also a Session.Header(“HTTPS”)=“on” (see Xojo Doc on WebSession.Header), don’t know how this should be treated
if sess.Header(“X-Forwarded-Proto”) = “” then
return sess.Secure
else
if sess.Header(“X-Forwarded-Proto”) = “https” then
return true
else
return false
end if
end if