🐳 Fix proxy-setup with docker-compose

We need to rewrite the Host header when we make API calls to
localhost:8001 and localhost:8002 from the test suite, since the URLs
need to be resolvable from container-to-container.

However, the previous setup broke the local docker-compose setup for
login to the admin because the cookie domain is set to the internal
service names, so logging in was no longer possible due to a missing
csrftoken cookie (as we log in on localhost, not the internal
service names).

Only overwriting the Host header in /api/ subpaths is a pragmatic
approach that should solve this, since CSRF cookies are not used in
the API.

Furthermore, the browser sends an Oigin header of localhost:800x,
but this is different from the Host seen by Django due to the
proxy_pass directive, which also results in CSRF issues. The solution
is to enable X-Forwarded-Host header and calculate it in nginx, so
that it matches. For this match to happen, we also need to add the
port number and keep the mapped docker-compose port and nginx server
block ports in sync, since different ports lead to different origins.

Author: sergei-maertens

docker/docker-compose.objects-apis.yml

@@ -25,6 +25,7 @@ services:
       - DJANGO_SETTINGS_MODULE=objecttypes.conf.docker
       - SECRET_KEY=${SECRET_KEY:-fgv=c0hz&tl*8*3m3893@m+1pstrvidc9e^5@fpspmg%cy$15d}
       - ALLOWED_HOSTS=*
+      - USE_X_FORWARDED_HOST=true
       - DB_HOST=objects-objecttypes-db
       - DB_NAME=objecttypes
       - DB_USER=objecttypes
@@ -44,11 +45,12 @@ services:
       - open-forms-dev
 
   objects-web:
-    image: maykinmedia/objects-api:${OBJECTS_VERSION:-2.3.1}
+    image: maykinmedia/objects-api:${OBJECTS_VERSION:-2.3.2}
     environment: &objects_web_env
       - DJANGO_SETINGS_MODULE=objects.conf.docker
       - SECRET_KEY=${SECRET_KEY:-fgv=c0hz&tl*8*3m3893@m+1pstrvidc9e^5@fpspmg%cy$15d}
       - ALLOWED_HOSTS=*
+      - USE_X_FORWARDED_HOST=true
       - DB_HOST=objects-objecttypes-db
       - DB_NAME=objects
       - DB_USER=objects
@@ -86,8 +88,8 @@ services:
     volumes:
       - ./objects-apis/nginx.conf:/etc/nginx/conf.d/default.conf
     ports:
-      - '8001:80'
-      - '8002:81'
+      - '8001:8001'
+      - '8002:8002'
     depends_on:
       - objects-web
       - objecttypes-web

docker/objects-apis/fixtures/objects_api_fixtures.json

@@ -28,8 +28,9 @@
 },
 {
     "model": "token.tokenauth",
-    "pk": "7657474c3d75f56ae0abd0d1bf7994b09964dca9",
+    "pk": 1,
     "fields": {
+        "token": "7657474c3d75f56ae0abd0d1bf7994b09964dca9",
         "contact_person": "Admin",
         "email": "admin@example.com",
         "organization": "",
@@ -43,7 +44,7 @@
     "model": "token.permission",
     "pk": 1,
     "fields": {
-        "token_auth": "7657474c3d75f56ae0abd0d1bf7994b09964dca9",
+        "token_auth": 1,
         "object_type": 1,
         "mode": "read_and_write",
         "use_fields": false,
@@ -54,7 +55,7 @@
     "model": "token.permission",
     "pk": 2,
     "fields": {
-        "token_auth": "7657474c3d75f56ae0abd0d1bf7994b09964dca9",
+        "token_auth": 1,
         "object_type": 2,
         "mode": "read_and_write",
         "use_fields": false,
@@ -65,7 +66,7 @@
     "model": "token.permission",
     "pk": 3,
     "fields": {
-        "token_auth": "7657474c3d75f56ae0abd0d1bf7994b09964dca9",
+        "token_auth": 1,
         "object_type": 3,
         "mode": "read_and_write",
         "use_fields": false,

docker/objects-apis/nginx.conf

@@ -1,18 +1,28 @@
 server {
-    listen       80;
+    listen       8001;
     server_name  localhost;
 
     location / {
+        proxy_pass   http://objecttypes-web:8000;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
+    }
+
+    location /api/ {
         proxy_pass   http://objecttypes-web:8000;
         proxy_set_header Host objecttypes-web:8000;
     }
 }
 
 server {
-    listen       81;
+    listen       8002;
     server_name  localhost;
 
     location / {
+        proxy_pass   http://objects-web:8000;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
+    }
+
+    location /api/ {
         proxy_pass   http://objects-web:8000;
         proxy_set_header Host objects-web:8000;
     }