From b86c7971092ad40ccbaa0bd597109e98740b09e1 Mon Sep 17 00:00:00 2001
From: Chase Sillevis
Date: Fri, 18 Mar 2016 14:34:39 +0100
Subject: [PATCH 1/4] Try to understand CloudFront's forwarded-proto as well Add sanity tests Fix logic
---
 nginx.tmpl | 7 +++++++
 test/default-host.bats | 8 ++++++++
 2 files changed, 15 insertions(+)
diff --git a/nginx.tmpl b/nginx.tmpl
index 255cc35..9fabf8a 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -22,6 +22,13 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
 '' $scheme;
 }
+# If we received a HTTP-CloudFront-Forwarded-Proto, pass it through; otherwise,
+# pass along the original value.
+map $http_cloudfront_forwarded_proto $proxy_x_forwarded_proto {
+ default $http_cloudfront_forwarded_proto;
+ '' $proxy_x_forwarded_proto;
+}
+
 # If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
 # Connection header that may have been passed to this server
 map $http_upgrade $proxy_connection {
diff --git a/test/default-host.bats b/test/default-host.bats
index 4e9d84e..632756d 100644
--- a/test/default-host.bats
+++ b/test/default-host.bats
@@ -29,4 +29,12 @@ function setup {
 # THEN querying the proxy with any other Host header → 200
 run curl_container $SUT_CONTAINER / --head --header "Host: something.I.just.made.up"
 assert_output -l 0 $'HTTP/1.1 200 OK\r'
+
+ # THEN querying the proxy with X-Forwarded-Proto → 200
+ run curl_container $SUT_CONTAINER / --head --header "X-Forwarded-Proto: https"
+ assert_output -l 0 $'HTTP/1.1 200 OK\r'
+
+ # THEN querying the proxy with HTTP-CloudFront-Forwarded-Proto → 200
+ run curl_container $SUT_CONTAINER / --head --header "HTTP-CloudFront-Forwarded-Proto: https"
+ assert_output -l 0 $'HTTP/1.1 200 OK\r'
 }
From c6459aabab9725cce7f12604ba2649d4c8060c73 Mon Sep 17 00:00:00 2001
From: Chase Sillevis
Date: Fri, 18 Mar 2016 17:03:25 +0100
Subject: [PATCH 2/4] Renaming one of the params to fly around an nginx bug
---
 nginx.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
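Review bot: In the nginx.tmpl hunk of patch 1/4, the added `map $http_cloudfront_forwarded_proto $proxy_x_forwarded_proto` copies a request header unchanged into the scheme reported to the backend and gives it precedence over `X-Forwarded-Proto`, so any client that can reach this proxy directly decides what the backend believes about TLS. That is only sound when every request arrives through CloudFront or another trusted hop that overwrites the header, and the block should say so, e.g. `# Trusted only when all traffic arrives via CloudFront; a direct client can set this header.` The added comment also calls the header `HTTP-CloudFront-Forwarded-Proto`, whereas `$http_cloudfront_forwarded_proto` reads the request header `CloudFront-Forwarded-Proto`; the comment should use the wire name.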
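Review bot: The second case added to test/default-host.bats in patch 1/4 sends `HTTP-CloudFront-Forwarded-Proto: https`, which nginx exposes as `$http_http_cloudfront_forwarded_proto` rather than the `$http_cloudfront_forwarded_proto` the new map reads, so the CloudFront branch is never exercised. The header should be `--header "CloudFront-Forwarded-Proto: https"`. Both added cases assert only the `HTTP/1.1 200 OK` status line, which would still pass with the map removed; checking the `X-Forwarded-Proto` value that reaches the backend would cover the change, if the test backend can echo request headers (not visible in this hunk).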
diff --git a/nginx.tmpl b/nginx.tmpl
index 9fabf8a..b3fddb1 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -17,7 +17,7 @@
 # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
 # scheme used to connect to this server
-map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+map $http_x_forwarded_proto $default_forwarded_proto {
 default $http_x_forwarded_proto;
 '' $scheme;
 }
@@ -26,7 +26,7 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
 # pass along the original value.
 map $http_cloudfront_forwarded_proto $proxy_x_forwarded_proto {
 default $http_cloudfront_forwarded_proto;
- '' $proxy_x_forwarded_proto;
+ '' $default_forwarded_proto;
 }
 # If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
From 0ea155740252200d1b34ce26ddd93a2441640964 Mon Sep 17 00:00:00 2001
From: "Lance R. Vick"
Date: Mon, 20 Jun 2016 18:20:24 -0700
Subject: [PATCH 3/4] fix forego source
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8cb98cd..a5daf52 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,8 +14,8 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
 && sed -i 's/^http {/&\n server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
 # Install Forego
-RUN wget -P /usr/local/bin https://godist.herokuapp.com/projects/ddollar/forego/releases/current/linux-amd64/forego \
- && chmod u+x /usr/local/bin/forego
+ADD https://github.com/jwilder/forego/releases/download/v0.16.1/forego /usr/local/bin/forego
+RUN chmod u+x /usr/local/bin/forego
 ENV DOCKER_GEN_VERSION 0.4.2
From 3116eedc0a4ea4e2a25c6421d0ed8656f2c1600e Mon Sep 17 00:00:00 2001
From: Aaron Heckmann
Date: Tue, 21 Jun 2016 08:21:30 -0700
Subject: [PATCH 4/4] use JSON log format
---
 nginx.tmpl | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/nginx.tmpl b/nginx.tmpl
index b3fddb1..b87a512 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
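Review bot: The forego binary fetched by the new `ADD https://github.com/jwilder/forego/releases/download/v0.16.1/forego` line in the Dockerfile hunk of patch 3/4 is made executable with no integrity check, so a replaced release asset or a tampered download ends up running inside every image built from this file. Pinning the `v0.16.1` tag is better than the old `releases/current` URL, but a tag does not fix the bytes served. Verify a recorded digest before the `chmod`, e.g. `RUN echo "<EXPECTED_SHA256>  /usr/local/bin/forego" | sha256sum -c - && chmod u+x /usr/local/bin/forego`, where the placeholder is the digest noted when that release was vetted.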
@@ -38,9 +38,19 @@ map $http_upgrade $proxy_connection {
 gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-log_format vhost '$host $remote_addr - $remote_user [$time_local] '
- '"$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
+log_format vhost '{"time": "$time_iso8601", '
+ '"host": "$host", '
+ '"remote_addr": "$remote_addr", '
+ '"remote_user": "$remote_user", '
+ '"body_bytes_sent": "$body_bytes_sent", '
+ '"request_time": "$request_time", '
+ '"status": "$status", '
+ '"request": "$request", '
+ '"request_uri": "$uri", '
+ '"request_method": "$request_method", '
+ '"http_referrer": "$http_referer", '
+ '"http_x_forwarded_for": "$http_x_forwarded_for", '
+ '"http_user_agent": "$http_user_agent"}';
 access_log off;
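Review bot: The new `log_format vhost` in patch 4/4 places client-controlled values (`$request`, `$http_referer`, `$http_user_agent`, `$http_x_forwarded_for`) inside JSON string quotes while relying on nginx's default log escaping, which writes `"`, `\` and control bytes as `\xXX`; that is not a valid JSON escape, so a request carrying such a byte produces a line strict JSON parsers reject, and rejected lines are gaps in the access record that a client can cause on demand. On nginx 1.11.8 or later the format should be declared as `log_format vhost escape=json '{"time": "$time_iso8601", '`; on older builds the log consumer has to tolerate `\x` sequences. Two naming points in the same block: the key `request_uri` is filled from `$uri` (the normalized path, not `$request_uri`), and the key `http_referrer` does not match the `$http_referer` variable it records, which makes the fields harder to query during an investigation.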