We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Oxwall behind SSL reverse proxy | Forum

Bernd Eckenfels
Bernd Eckenfels Jul 24 '15
Hello,

I am using Oxwall on a machine with Apache serving the content with http. However at the perimeter of our network we run a reverse proxy for all incoming things. This does filtering, SSL termination (secure storage for the certificate) and multiplexing the available addresses as well as redirecting http to https traffic.

So I am running oxwall on port 80 with no http, but the user will see it on 443 with https.

This is not such a uncommon scenario, however I have'nt been able to find a reference to it and how to set it up. I got it working, but I wonder why I need to make code changes:

a) I configure the https-link as the home URL
b) I added the following lines to ow_core/request.php isSsl() to recognize connections coming from the proxy as beeing secure (and in turn avoiding mixed content warnings):

if(isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
&& $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$_SERVER['HTTPS']='on';
$isHttps = true;
} else ...
There is a check for "HTTPS" property but it is not set. Maybe I can instead of making code changes somehow configure apache or php to do that? If not, would it make sense to offer this as a patch (make it configurable "DETECT_SSL=always|never|auto" where the default is never and auto would use the above code?

The Forum post is edited by Bernd Eckenfels Jul 24 '15
UTAN
UTAN Jul 24 '15
Well I have apache 2 and PHP server and Nginx Server as proxy, all seem fine if I use any other of my testbed website and SSL ,I have only got issues with Oxwall CMS system when using SSL , trowing a Endless Redirect..

Are you having same issue as stated...above?
UTAN
UTAN Jul 24 '15
I have manage to stop the endless redirect commenting out :

UTIL_Url::redirect($redirectTo);

in /ow_core/application.php

But when reloading the cache I got errors:

Message: Unable to load template file '/var/www/ow_system_plugins/base/views/controllers/base_turn_dev_mode_on.html'

If I go to the site url works just as fine..
UTAN
UTAN Jul 24 '15
But I am not happy, I don't like workarounds...

Any comments from the DEVs?
Bernd Eckenfels
Bernd Eckenfels Jul 24 '15
Hello,

I had the redirect problem in the beginning as well, but if your OW_HOME_URL (the hostname in it) matches the requested hostname it works.

If you dont add my code workaround you will get mixed content warnings because oxwall is not rewriting the delivered URLs to https (you might not need that if your proxy is doing it).
UTAN
UTAN Jul 24 '15
Hi,
matching up the SSL URI gets me the redirect loop, if I Don't change OW_URL_HOME and leave it as http I get the mix content, so the only way for me not having problems is commenting the line I told you about...

More suggestions appreciated..
UTAN
UTAN Jul 24 '15
By the way , proxy is unencrypting the content once it passed by it..
Bernd Eckenfels
Bernd Eckenfels Jul 24 '15
Can you check if this is the if which causes your redirect (and if yes what the different host names from home url and request are? (as you can see urlRedirectHost only compares the host part, not the scheme or port. But the host (including domain) must match.

https://github.com/...core/application.php
The Forum post is edited by Bernd Eckenfels Jul 24 '15
UTAN
UTAN Jul 24 '15
How would you want me to check?

Commented it and didn't change anything, the error above I had after clearing cache was fixed creating that file and clearing again the cache..

One thing I lost was the abilities to redirect in the url.
UTAN
UTAN Jul 24 '15
The error still showing, but Oxwall isn't showing it...

My node server can see the php session and try to parse the session with the error..

anyone has fixed this redirect issue.?
UTAN
UTAN Jul 24 '15
Where this object::redirect() method is being called?

I have var dumped the Object Method

$redirectTo and comesback with the complete oxwall URI and the page you want to see, going all the way to the:

and making you redirect over and over.

which will make an endless loop since landing there will make you redirect to itself again..
The Forum post is edited by UTAN Jul 24 '15
UTAN
UTAN Jul 24 '15
I have found a more elegant way to fix,

The explanation would be that if you are using a Proxy in front of Apache this won't set the
$_SERVER variables that are being tested in object::isSsl() method on /ow_core/request.php

After further looking how to set them, I found out that you could set in your apache2 vhost for the site that is using SSL, just do set the env variables there.. like this

SetEnv HTTPS "on"

Then after looking at the $_SERVER variable I could found $_SERVER['HTTPS'] were set and all worked just fine..

thanks @Bernd Eckenfels for your help..

Also would be good Idea for the Oxwall Dev to test for variables set by Proxy servers Like NginX..


ross Team
ross Jul 27 '15
Utan, please check this post: http://www.oxwall.org/forum/topic/29619