Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

https + nginx proxy #4

Closed
hrach opened this issue Apr 18, 2014 · 6 comments
Closed

https + nginx proxy #4

hrach opened this issue Apr 18, 2014 · 6 comments

Comments

@hrach
Copy link
Contributor

@hrach hrach commented Apr 18, 2014

If there is https nginx proxy, our webhoster sets SERVER_PORT to 80 for the apache webserver. But the application runs over 443 and https. See their response and dumped headers.

Server headers dump:

HTTPS on
HTTP_HOST www.xxx.cz
HTTP_X_FORWARDED_HOST www.xxx.cz
HTTP_X_FORWARDED_SERVER www.xxx.cz
HTTP_X_FORWARDED_FOR 94.230.146.241
HTTP_FORWARDED_REQUEST_URI /test.php
HTTP_HTTP_X_FORWARDED_PROTO https
HTTP_HTTPS on
HTTP_X_FORWARDED_PROTO https
HTTP_X_FORWARDED_SSL on
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache
SERVER_NAME www.xxx.cz
SERVER_ADDR 127.0.0.1
SERVER_PORT 80

Response from the webhosting

The HTTPS header is properly set by our front end Nginx web server, as well as the 'X-Forwarded-SSL' header.

The problem here is that the $_SERVER['SERVER_PORT'] variable is always 80, since the Apache (sitting behind the Nginx) never receives HTTPS traffic, rather the front end Nginx does. You are relying on that variable to construct the HttpRequest object in

/home/xxx/webapps/xxx/vendor/nette/nette/NetteHttpRequestFactory.php on line 80:

if (isset($pair[2])) {
$url->port = (int) substr($pair[2], 1);
} elseif (isset($_SERVER['SERVER_PORT'])) {
$url->port = (int) $_SERVER['SERVER_PORT'];
}

...

WebFaction Support

@hrach

This comment has been minimized.

Copy link
Contributor Author

@hrach hrach commented Apr 18, 2014

Maybe we could ask them to add HTTP_X_FORWARDED_PORT and prioritize this key?

@Majkl578

This comment has been minimized.

Copy link
Contributor

@Majkl578 Majkl578 commented Apr 18, 2014

X-Forwarded-Port is exactly what I was thinking about while reading your first message.

@dg

This comment has been minimized.

Copy link
Member

@dg dg commented Feb 10, 2015

ping @hrach & @Majkl578

@hrach

This comment has been minimized.

Copy link
Contributor Author

@hrach hrach commented Feb 10, 2015

@dg are you asking for PR or better explanation or if it's still valid?

The site is no longer running, however, this "bug/feature" is still present a should be fixed.

@dg

This comment has been minimized.

Copy link
Member

@dg dg commented Feb 10, 2015

Fix, close, whatever :-)

@petrdvorak

This comment has been minimized.

Copy link

@petrdvorak petrdvorak commented Aug 13, 2015

From my perspective, this would be a nice thing to fix by interpreting the HTTP_HTTP_X_FORWARDED_PROTO / HTTP_X_FORWARDED_PORT

@dg dg closed this in 805ff25 Feb 7, 2016
dg added a commit that referenced this issue Feb 8, 2016
…hind a trusted proxy [Closes #81][Closes #4]
dg added a commit that referenced this issue Mar 30, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.