server_url() broken in Docker image

[smuth4]

Features that use the server_url function break inside the official docker container (I'm running development), due to $_SERVER['SERVER_NAME'] defaulting to "" since none is defined in nginx.conf. I think that falling back to HTTP_HOST if SERVER_NAME isn't set is a good compromise, but wanted to check before starting on any work

[ArthurHoaro]

Thanks for the report! The server name should be set in the Docker container. @virtualtam do you want to take a look at it?
As for HTTP_HOST, it can be spoofed, so I don't think it's a very good idea to rely on it (it was actually one of my first PR on Shaarli! #98).

[smuth4]

Though an environment variable? I can do that myself if it's what's wanted, sounded a bit hacky though.

[virtualtam]

Hi!

Thanks @smuth4 for the feedback, there hasn't been much regarding our Docker images (either they work really well, or very few people use them ^^)

There is a full rewrite using an Alpine Linux base under work at #843 & #846 , I'm currently looking for a sane way to automate unit testing Shaarli in a containerized environment.

---

Nginx's server_name setting can contain a FQDN or a domain wildcard:

• https://nginx.org/en/docs/http/server_names.html
• https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name

This setting cannot be changed at runtime, and cannot be parameterized using an environment variable:

• https://serverfault.com/questions/798734/use-variable-for-server-name-in-nginx

As server_url() is used to return public-facing URLs, it should rely on HTTP proxy headers in a container context, assuming:

• the Docker container is behind a reverse proxy (haproxy, Træfik, Nginx, Apache HTTPD, etc...)
• the appropriate HTTP headers are passed from the reverse proxy to the Shaarli Nginx backend
• server_url() uses the proxied values to build public-facing URLs

Relevant documentation:

• https://www.haproxy.com/blog/haproxy/proxy-protocol/
• http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
• https://nginx.org/en/docs/http/ngx_http_proxy_module.html
• https://www.nginx.com/resources/admin-guide/proxy-protocol/
• https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/

[smuth4]

This would not have been caught in the unit tests as they are now.

This setting cannot be changed at runtime, and cannot be parameterized using an environment variable:

You could have the startup script run a quick sed on the config. Hacky, like I said, and something I'd only do as a last resort.

How would you like me to proceed? I can fall back to HTTP_X_FORWARDED_HOST instead of HTTP_HOST and make sure nginx sets it to $proxy_host correctly.

[virtualtam]

@smuth4 Let's start with fixing support for proxy-forwarded host settings; as I'd rather avoid adding complexity to Dockerfiles and startup scripts.

@ArthurHoaro Regarding spoofing: though it's not mentioned in our Docker usage docs (for now), containers should run and be served/routed behind a reverse proxy to ensure:

• proper SSL termination for secure connections
• appropriate HTTP headers are set/forwarded to webapps running within containers

[ArthurHoaro]

Yes that's what I'm doing, even though I'm not using the official image (I add theme, plugins, and stuff), but I don't see any relation with spoofing. What I was saying is that, if I'm not mistaken, HTTP_HOST is based on the user request.

[smuth4]

What I was saying is that, if I'm not mistaken, HTTP_HOST is based on the user request.

By default nginx actually set this to proxy_host instead: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header, and HTTP_X_FORWARDED_HOST can be set by the user just like HTTP_HOST if nothing is reversing proxying (not saying HTTP_HOST is the better option, just pointing out behavior).

@virtualtam I'm willing to help if need be, but I'm not sure what, if anything, I should be doing in regards to "fixing support for proxy-forwarded host settings".

[nbud]

Same issue as @smuth4 but #899 didn't fix the issue for me because HTTP_X_FORWARDED_HOST is not set up in my config. Could server_url rely on $_SERVER["HTTP_HOST"] if $_SERVER["SERVER_NAME"] is not set?

[ArthurHoaro]

Is there any issue preventing you to add X-Forwarded-* directives to your reverse proxy?

[nbud]

No real issue except that I don't know yet how to do it. However, it seems to me that supporting $_SERVER["HTTP_HOST"] as a fallback would have no downside but would the life of some users (like myself) easier.

[nbud]

I fixed my reverse proxy issue by adding to the nginx configuration:

proxy_set_header X-Forwarded-Host $host;

I use jwilder/nginx-proxy, a very popular reverse proxy for Docker. Because it is widely used, I think it would be an improvement that the shaarli image worked out of the box with it. The only needed change would be to make server_url() use $_SERVER["HTTP_HOST"] if $_SERVER["SERVER_NAME"] is not set. I can PR it if you want.

[virtualtam]

@nbud I've raised #1010 to provide a working example + documentation for Compose + Nginx reverse proxy

I suspect most remaining issues are related to the involved proxies' configuration (esp. headers) rather than the code dealing with HTTP headers; feel free to open new issues though, should you see any specific point to be addressed ;-)