🐛 [BUG]: Resolve GeoServer vs GeoServer-Secured access

[fmigneault]

Summary

Bug related to protected GeoServer requests.

Details

https://github.com/bird-house/birdhouse-deploy/blob/eaa09c2819e5e5dc5bd36dae6827562f3beef1c5/birdhouse/optional-components/README.rst#test-geoserver-secured-access
was made available (as /geoserver-secured) to evaluate GeoServer behind Twitcher.

However, /geoserver is already available through Twitcher verify pre-request when GEOSERVER_SKIP_AUTH=False (default) is set:
https://github.com/bird-house/birdhouse-deploy/blob/eaa09c2819e5e5dc5bd36dae6827562f3beef1c5/birdhouse/components/geoserver/config/proxy/conf.extra-service.d/geoserver.conf.template

birdhouse-deploy/birdhouse/components/geoserver/default.env

Lines 30 to 31 in eaa09c2

	export GEOSERVER_SKIP_AUTH=False
	export GEOSERVER_SKIP_AUTH_PROXY_INCLUDE='$([ x"${GEOSERVER_SKIP_AUTH}" = x"True" ] && echo "return 200;")'

Testing this configuration seems to do the Magpie/Twitcher pre-request as expected, but the resulting request with GeoServer fails.

For example, https://hirondelle.crim.ca/twitcher/ows/proxy/geoserver/api returns (HTTP 400):

 Request failed: HTTPSConnectionPool(host='proxy', port=443): Max retries exceeded with url: /api (Caused by SSLError(CertificateError("hostname 'proxy' doesn't match either of '*.crim.ca', 'crim.ca'"))) 

The above proxy seems to be related to the nginx service doing the redirect.
Maybe the configuration is missing some proxy_set_header Host $host; / proxy_set_header X-Forwarded-Proto $real_scheme; definitions or similar.

To Reproduce

Steps to reproduce the behavior:

1. Use a protected GeoServer instance.
2. Send a request to one of its service paths

Environment

Information	Value
Server/Platform URL	any
Version Tag/Commit	latest
Related issues/PR
Related components	geoserver
Custom configuration	n/a

Concerned Organizations