@L11R Thanks for sharing your concerns. THUMBAI Proxy does not manipulate the request/response body content. I best guess is; targeted application might be producing a HTML content like that.
Your scenario is typical usage, I have many such hosts configured. This is live instance of THUMBAI https://aahframework.org/thumbai/login . Please use credentials as readonly/readonly have a look on proxy configurations.
I'm looking forward to improve THUMBAI, fix any issues. To track this issue, could you please also create an issue here https://github.com/thumbai/thumbai/issues and Kindly check your application end.
Could you use slack channel for thumbai https://gophers.slack.com/messages/CEQJ9EJPR/ :smile:
mydomain.com/thumbai/login page I cannot even login because when I press "Login" button itself, site redirects me at mydomain.com:8080/thumbai/login page. Where I am getting 404 of course.
https://$host:$port/. Ideally proxy setup are done at entry point, e.g.: port 80 Could you try it on let me know? I hope I got your explanation this time.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080/;
}sub_filter nginx module.
thumbai.conf for scenario "THUMBAI behind another proxy tool". I will think about it. If you have a suggestion, propose it while creating an issue on given URL.
@L11R aah framework has NO limitation as such, you could bend it as you want; aah follows industry practices very well. So you will not have any issues.
It just when I developed THUMBAI, I have developed with certain goals in mind. For example: Thumbai core feature is Go Mod repository, Go vanity server. I didn't put much effort on Proxy feature. That's why it has limitation. I have addressed it by user inputs and suggestions.
sub_filter does not work because of enabled gzip I guess.
In thumbai this file could be your interest I think https://github.com/thumbai/thumbai/blob/master/app/thumbai.go and refer to these two doc page https://docs.aahframework.org/routes-config.html and https://docs.aahframework.org/deployment.html
Running THUMBAI locally have a look configs here at https://github.com/thumbai/thumbai/tree/master/dev-files
Ping me when have any questions.
type MyController struct {
*aah.Context
}
func (a *MyController) MyMethod(point []float64) {
a.Reply().Ok().JSON(point)
}
@/all Hello aah users -
Thank you for using aah framework.
I want to keep you informed about the upcoming aah directions and goals. Also, I would like to convey my apologies for the unexpected in-activeness that happened in aah development due to my day work priorities and commitments.
I want to bring the following improvements and changes in aah framework direction.
- Performing foundation level improvements and organizing the modules with Dependency Injection (DI)
- Optimize, streamline aah code generations for aah user codebase
- Planning to do frequent releases after v0.14.0 release and engaging with user feedback. I know this is going to be a challenging one, but I'm going to aim for it
- Make aah further modular and publish aah developer documentations. Encouraging contributors and creating minimal entry path to contribute. It sparked from aah health module contribution by @adrianlop.
I'm going to make v0.13.0 release as soon as possible with currently completed enhancements, catch up few issues and bug fixes.
I am aiming to release v0.14.0 anytime before the end of the year.
I'm looking forward to your support and co-operation.
~ Jeeva
@TBavaliya_twitter as of now I do not have ready to give CURD example. However this reference bolt NoSQL https://github.com/thumbai/thumbai/blob/master/app/datastore/datastore.go and https://github.com/thumbai/thumbai/blob/master/app/init.go
In general, you will keep a setting for database in the config. Create event function and register in the server events to connect and disconnet database. like above.
Refer to doc: https://docs.aahframework.org/v0.12/auth-schemes/basic.html
and example app: https://github.com/go-aah/examples/tree/master/rest-api-basic-auth
adding your config you should be good.
-----------------------------------------------------------------------------
firstaah - Application Security Configuration
#
Refer documentation to explore and customize the configurations.
Doc: https://docs.aahframework.org/security-config.html
-----------------------------------------------------------------------------
security {
-----------------------------------------------------------------------------
Auth Schemes configuration
Doc: https://docs.aahframework.org/authentication.html
-----------------------------------------------------------------------------
auth_schemes {
# -----------------------------------------------------------------------------
# Basic auth scheme
# Choose a unique key name. It gets used as route auth.
#
# Doc: https://docs.aahframework.org/auth-schemes/basic.html
# -----------------------------------------------------------------------------
basic_auth {
scheme = "basic"
realm_name = "Protected"
file_realm = "applications/firstaah/config/basic-auth-realm.conf"
# Password encoder
# Doc: https://docs.aahframework.org/password-encoders.html
password_encoder = "bcrypt"
} }
-----------------------------------------------------------------------------
Password Encoders Configuration
aah supports bcrypt, scrypt, pbkdf2 password algorithm.
#
Doc: https://docs.aahframework.org/password-encoders.html
-----------------------------------------------------------------------------
password_encoder {
bcrypt {
enable = true
cost = 12
} }
-----------------------------------------------------------------------------
Session configuration
HTTP state management across multiple requests.
#
Doc: https://docs.aahframework.org/security-config.html#section-session
-----------------------------------------------------------------------------
session {
mode = "stateful"
store {
type = "cookie"
}
prefix = "aah_firstaah"
sign_key = "4ec14830062ede4b55e367d7b0208041aa1719804ab6159632f6072ae4b51bfc"
enc_key = "ee87114d2a7d60b96288275310a48637"
}
-----------------------------------------------------------------------------
Anti-CSRF (Cross Site Request Forgery protection)
#
Doc: https://docs.aahframework.org/anti-csrf-protection.html
-----------------------------------------------------------------------------
anti_csrf {
enable = true
sign_key = "225a0e7b54205499ea72be9a27bf67adf7f109367856228095e6e72c2a48afb9"
enc_key = "61b37c436dc0101e76e32fe01502f61e"
}
---------------------------------------------------------------------------
HTTP Secure Header(s)
Application security headers with many safe defaults.
#
Doc: https://docs.aahframework.org/security-config.html#section-http-header
#
Tip: Quick way to verify secure headers - https://securityheaders.io
---------------------------------------------------------------------------
http_header {
enable = true
# X-XSS-Protection
#xxssp = "1; mode=block"
# X-Content-Type-Options
#xcto = "nosniff"
# X-Frame-Options
#xfo = "SAMEORIGIN"
# Referrer-Policy
#rp = "no-referrer-when-downgrade"
# Strict-Transport-Security (STS, aka HSTS)
sts {
#max_age = "720h"
}
# Content-Security-Policy (CSP)
csp {
#directives = ""
report_uri = ""
report_only = true
}
# Public-Key-Pins PKP (aka HPKP)
pkp {
# The Base64 encoded Subject Public Key Information (SPKI) fingerprint.
# These values gets added as `pin-sha256=<key1>; ...`.
#keys = [
#"X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg=",
#"MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec="
#]
max_age = "720h"
report_uri = ""
report_only = true
}
# X-Permitted-Cross-Domain-Policies
#xpcdp = "master-only" }
}