Abhi Nandan
03/28/2022, 5:26 AM403
error. We are using the following command on the provider side
pipenv run pact-verifier --provider-base-url=<http://localhost:8000> \
--pact-url="<server_base_url>/pacts/provider/<provider>/consumer/<consumer>/latest" \
--provider-app-version $VERSION \
--pact-broker-username <pact_broker_user_name> \
--pact-broker-password <pact_broker_pwd> \
--publish-verification-results
Provider application is running in docker container on port 8000
. The above command is working fine from the local dev system, however it fails from our CI (GitLab), with the following error -
HTTP request failed: status=403 /usr/local/lib/python3.9/site-packages/pact/bin/pact/lib/vendor/ruby/2.2.0/gems/pact-support-1.17.0/lib/pact/consumer_contract/pact_file.rb:73:in `block in get_remote_with_retry'
on Pact Broker log found this -
WARN -- : attack prevented by Rack::protection::IPSpoofing
nginx log shows the following -
"GET /pacts/provider/<provider_name>/consumer/<consumer_name>/latest HTTP/1.1" 403 9 "-" "Ruby" "<http://xx.xxx.xx.xxx|xx.xxx.xx.xxx>"
can anyone please help us with what is wrong here?Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
def accepts?(env)
return true unless env.include? 'HTTP_X_FORWARDED_FOR'
ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
return false if env.include? 'HTTP_CLIENT_IP' and not ips.include? env['HTTP_CLIENT_IP']
return false if env.include? 'HTTP_X_REAL_IP' and not ips.include? env['HTTP_X_REAL_IP']
true
end
Beth (pactflow.io/Pact Broker/pact-ruby)
Abhi Nandan
03/28/2022, 5:37 AMBeth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Abhi Nandan
03/28/2022, 5:39 AMAbhi Nandan
03/29/2022, 2:37 AMserver {
listen 443 ssl default_server;
server_name localhost;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_pass <http://pact-broker:9292>;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme "https";
proxy_set_header X-Forwarded-Port "443";
proxy_set_header X-Forwarded-Ssl "on";
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 80 default_server;
server_name localhost;
location / {
proxy_pass <http://pact-broker:9292>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
am I missing anything?Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Abhi Nandan
03/29/2022, 2:41 AMBeth (pactflow.io/Pact Broker/pact-ruby)
Abhi Nandan
03/29/2022, 2:42 AMBeth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
Beth (pactflow.io/Pact Broker/pact-ruby)
none
Abhi Nandan
03/31/2022, 11:03 AM