Repository URL is wrong when using a reverse proxy

[gitblit]

Originally reported on Google Code with ID 115

What steps will reproduce the problem?
1. Follow the guide to configure gitblit to be access behind apache configured as a
reverse proxy in https
2. Access to a page that contains the repository url

You should see an URL with the https scheme because the external URL is https, but
instead you see an http URL


What version of the product are you using? 1.0.0 

On what operating system? Debian

Reported by fabio.canepa on 2012-07-25 11:30:33

[gitblit]

Hmmm.  I'm sure you are right.  I assume you are using mod_rewrite, but that may only
affect links and the repository URL is not currently a link.  I'm not sure if it should
be.  Perhaps.  In the meantime, you can set web.otherUrls with the appropriate url
but it will still display the internal link as the default.

Reported by James.Moger on 2012-07-25 11:52:36

[gitblit]

Well what I've done is simply following the paragraph "Running Gitblit behind Apache"
under http://gitblit.com/setup.html and it does not use mod_rewrite but just mod_proxy.
I've quickly look at the source code and I see that the method com.gitblit.utils.HttpUtils.getGitblitURL()
simply does an HttpServletRequest.getScheme() but I think that this will be always
http if your apache contact gitblit in http.
Probably there should be a property web.scheme manually set to https when using this
configuraion and th getGitblitURL() should check also this property

Reported by fabio.canepa on 2012-07-25 12:37:56

[gitblit]

This problem can also be seen in the demo site which sits behind a reverse proxy.  I'll
give it some thought.  Thanks for the report.

Reported by James.Moger on 2012-07-25 14:01:27

• Status changed: Accepted

[gitblit]

I've implemented support for the http header fields X-Forwarded-Proto and X-Forwarded-Port
in HttpUtils.getGitblitURL().  This will be part of the next release.

If you access the Gitblit demo site via http then you will see http repository urls.
 If you access via https, then you will see https repository urls.  The demo sits behind
RedHat's nginx reverse proxy and it sets X-Forwarded-Proto for each request.  Unfortunately
at the moment it does not set X-Forwarded-Port, so Gitblit makes a reasonable assumption
that https & 80 don't mix.  I have an open request to RedHat to set that header field.

For your case I believe the syntax for Apache httpd will be:

Header set X-Forwarded-Proto https
Header set X-Forwarded-Port 443

Reported by James.Moger on 2012-08-02 23:46:46

• Status changed: Queued
• Labels added: Milestone-1.0.1

[gitblit]

Thanx a lot!

The syntax for apache should be:

RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443

If you use "Header" insted "RequestHeader" X-Forwarded-Proto and X-Forwarded-Port are
added to the response and not to the request forwarded to the internal server


Cheers!

Reported by fabio.canepa on 2012-08-03 07:48:01

[gitblit]

Thanks.  I corrected the documentation.

Reported by James.Moger on 2012-08-03 11:49:37

[gitblit]

Reported by James.Moger on 2012-08-20 02:06:35

• Labels added: Milestone-1.1.0
• Labels removed: Milestone-1.0.1

[gitblit]

Fix/change released in 1.1.0.

Reported by James.Moger on 2012-08-25 12:20:42

• Status changed: Fixed