support proxy count for proxy fix (#2106)

Co-authored-by: burnettk <burnettk@users.noreply.github.com>

spiffworkflow-backend/src/spiffworkflow_backend/config/default.py

@@ -249,6 +249,9 @@ config_from_env("SPIFFWORKFLOW_BACKEND_DEBUG_TASK_CONSISTENCY", default=False)
 # to make SpiffWorkflow aware that it should return https for the server urls etc rather than http.
 config_from_env("SPIFFWORKFLOW_BACKEND_USE_WERKZEUG_MIDDLEWARE_PROXY_FIX", default=False)
 
+# how many proxies are in front of this flask server (for use with ProxyFix)
+config_from_env("SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX", default=0)
+
 # only for DEBUGGING - turn off threaded task execution.
 config_from_env("SPIFFWORKFLOW_BACKEND_USE_THREADS_FOR_TASK_EXECUTION", default=True)
 

spiffworkflow-backend/wsgi.py

@@ -5,10 +5,21 @@ from spiffworkflow_backend.services.acceptance_test_fixtures import load_accepta
 
 app = create_app()
 
+num_proxies = 0
+
+# this is the first configuration spiffworkflow-backend supported.
+# you should use SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX instead, since it is more precise.
 if app.config["SPIFFWORKFLOW_BACKEND_USE_WERKZEUG_MIDDLEWARE_PROXY_FIX"]:
+    num_proxies = 1
+
+if app.config["SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX"]:
+    num_proxies = int(app.config["SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX"])
+
+if num_proxies > 0:
     from werkzeug.middleware.proxy_fix import ProxyFix
 
-    app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)
+    # https://flask.palletsprojects.com/en/2.2.x/deploying/proxy_fix/
+    app.wsgi_app = ProxyFix(app.wsgi_app, x_for=num_proxies, x_proto=num_proxies, x_host=num_proxies, x_prefix=num_proxies)
 
 # this is in here because when we put it in the create_app function,
 # it also loaded when we were running migrations, which resulted in a chicken/egg thing.