
File upload is broken when SSL is offloaded on a reverse proxy #89

@kykc

Used configuration

CommunityServer is being launched from docker container like this:

onlyoffice-cs:
  image: onlyoffice/communityserver:9.5.2.546
  restart: always
  stdin_open: true
  tty: true
  container_name: onlyoffice-cs
  external_links:
   - onlyoffice-ds:document_server
  ports:
   - "172.17.0.1:5080:80"
   - "172.17.0.1:50443:443"
   - "5222:5222"
  volumes:
   - /home/████████/server_data/onlyoffice/cs/logs:/var/log/onlyoffice
   - /home/████████/server_data/onlyoffice/cs/data:/var/www/onlyoffice/Data
   - /home/████████/server_data/onlyoffice/cs/mysql:/var/lib/mysql
   - /home/████████/server_data/onlyoffice/ds/data:/var/www/onlyoffice/DocumentServerData
  environment:
   - MYSQL_SERVER_HOST=172.17.0.1
   - MYSQL_SERVER_DB_NAME=onlyoffice_cs
   - MYSQL_SERVER_USER=root
   - MYSQL_SERVER_PASS=████████
   - MYSQL_SERVER_PORT=3306
   - DOCUMENT_SERVER_PORT_80_TCP_ADDR=oods.████████

It is accessed through an nginx reverse proxy which offloads SSL and then redirects plain HTTP to 172.17.0.1:5080 like this:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name office.████████;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    ssl on;
    server_name office.████████;
    ssl_certificate ████████;
    ssl_certificate_key ████████;

    location = /favicon.ico {
        return 204;
        access_log off;
        log_not_found off;
    }

    location / {
        client_max_body_size    4G;

        proxy_pass http://172.17.0.1:5080;
        proxy_read_timeout 1800;
        proxy_connect_timeout 1800;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Steps to reproduce

In Documents click upload button and select any file.

Observed behavior

I'm getting an error like this:

Mixed Content: The page at 'https://office.████████/products/files/#1' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://office.████████/products/files/ChunkedUploader.ashx?uid=73b614d569e448d4ac753a7f19507a62'. This request has been blocked; the content must be served over HTTPS.

I've tinkered a little with the client JS code and found out that this http link to ChunkedUploader is being sent by the server in a response to the /api/2.0/files/1/upload/create_session.json call. As the JS is minified on the client, I can't provide the exact file/line of code where it happens. The code in the debugger looks like this:

 var i = jq.format("{0}files/{1}/upload/create_session.json", ASC.Resources.Master.ApiPath, n.fid)
          , t = null;
        return jq.ajax({

The whole response that I'm getting looks like this:

{
  "success": true,
  "data": {
    "id": "b7d920e3776742d9832367fcbcd37131",
    "path": [
      1
    ],
    "created": "2017-12-17T14:46:05.832996Z",
    "expired": "2017-12-18T02:46:05.832996Z",
    "location": "http://office.████████/products/files/ChunkedUploader.ashx?uid=b7d920e3776742d9832367fcbcd37131",
    "bytes_uploaded": 0,
    "bytes_total": 12354
  }
}

Expected behavior

File upload working as intended 😁

Side notes

  • If I place a breakpoint in the aforementioned code and correct the returned link by hand, the rest of the file upload works as intended.
  • As seen from my nginx virtualhost config, I pass the X-Forwarded-Proto header, but it seems that it's not being considered by the server when generating the ChunkedUploader link.
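
Added example, not part of the original issue and not ONLYOFFICE code: a Python sketch of how a backend behind a TLS-terminating proxy can derive the external scheme for the `location` it returns from create_session, honouring X-Forwarded-Proto only when the connection comes from the proxy. The trusted network (172.17.0.0/16), the function names and the host `office.example.test` are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Assumption: the reverse proxy reaches the backend from the Docker bridge network.
TRUSTED_PROXIES = [ipaddress.ip_network("172.17.0.0/16")]
ALLOWED_SCHEMES = {"http", "https"}


def external_scheme(peer_ip, headers, wire_scheme="http"):
    """Scheme the browser used; X-Forwarded-Proto counts only from a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return wire_scheme  # direct client: the header is client-controlled, ignore it
    # The proxy config on this page overwrites the header with $scheme, so exactly one
    # value is expected; anything else (lists, unknown schemes) falls back to the wire.
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    return proto if proto in ALLOWED_SCHEMES else wire_scheme


def upload_location(peer_ip, headers, uid, wire_scheme="http"):
    """Build the absolute ChunkedUploader URL for the create_session response."""
    scheme = external_scheme(peer_ip, headers, wire_scheme)
    path = "/products/files/ChunkedUploader.ashx"
    return urlunsplit((scheme, headers["Host"], path, "uid=" + uid, ""))


def is_mixed_content(page_url, location):
    """True when an HTTPS page would be asked to call a non-HTTPS endpoint."""
    return urlsplit(page_url).scheme == "https" and urlsplit(location).scheme != "https"


if __name__ == "__main__":
    # Constructed sample request headers, as the backend would see them.
    page = "https://office.example.test/products/files/#1"
    hdrs = {"Host": "office.example.test", "X-Forwarded-Proto": "https"}
    for peer in ("172.17.0.1", "203.0.113.9"):
        loc = upload_location(peer, hdrs, "0123abcd")
        print(peer, loc, "mixed content" if is_mixed_content(page, loc) else "ok")
```

Ignoring the header entirely reproduces the behaviour reported here; trusting it from any peer would let a direct client choose the scheme of generated links.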
