Question derive port from HTTP_X_FORWARDED_PROTO
- stijnh
- Topic Author
- Visitor
When https is enabled, webtrees (1.6.x, 1.7.0, 1.7.1) generates absolute URLs like www.haezebrouck.be:80 (with https protocol!) which is incorrect of course.
When we look at the HTTP headers and server environment:
$_SERVER when accessing over www.haezebrouck.be :
HTTP_X_FORWARDED_PROTO => null
HTTP_X_FORWARDED_PORT => null
HTTP_X_ONECOM_FORWARDED_PROTO => http
HTTPS => null
SERVER_NAME => www.haezebrouck.be
SERVER_PORT => 80
REDIRECT_URL => null
-> pretty normal
$_SERVER when accessing over www.haezebrouck.be :
HTTP_X_FORWARDED_PROTO => https
HTTP_X_FORWARDED_PORT => null (ouch)
HTTP_X_ONECOM_FORWARDED_PROTO => https
HTTPS => on
SERVER_NAME => www.haezebrouck.be
SERVER_PORT => 80 (proxied as HTTP to PHP)
REDIRECT_URL => null
So when accessing over https:
* HTTPS request are proxied as HTTP request to PHP (but that's ok)
* The HTTP_X_FORWARDED_PROTO is set to https
* But the HTTP_X_FORWARDED_PORT is NOT set. And this causes the problem for webtrees.
In de code, includes/session.php, the $port is retrieved as:
In my example, the outcome for $port is read from SERVER_PORT, which is 80 and incorrect in this case.
In my opinion, when the variable HTTP_X_FORWARDED_PROTO is set, but HTTP_X_FORWARDED_PORT is not, the port should be derived as the default port from the protocol given at HTTP_X_FORWARDED_PROTO, instead of falling back to SERVER_PORT.
If neither HTTP_X_FORWARDED_PROTO or HTTP_X_FORWARDED_PORT are defined, then and only then should SERVER_PORT be used.
I have made the following change to my session.php to get it working with https on One.com:
Is this a more correct way of deriving the port number in case of a proxy?
I first opened a webtrees bug report (sorry, I should have posted this before opening the bug report)
bugs.launchpad.net/webtrees/+bug/1462827
The bug was reported in june, the bug is still new and unassigned, but the discussion within the bug report is stalled.
I also have opened a support ticket with one.com asking why they do set the HTTP_X_FORWARDED_PROTO and not HTTP_X_FORWARDED_PORT. I will post their answer here when I get it.
Please Log in or Create an account to join the conversation.
- Pirate96
- Offline
- New Member
If I make SERVER_URL and LOGIN_URL blank then I am seeing the same behavior with SERVER_PORT.
The URL for login that works wokokon.com/webtree/login.php
The URL after hitting login button wokokon.com:80/webtree/login.php
Here is a pretty good explanation of the enviroment on the Host
Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Please Log in or Create an account to join the conversation.
- stijnh
- Topic Author
- Visitor
Meanwhile, I got a response from my hosting provider (one.com): "We have placed a temporary fix. Please retry and give us feeback so we can make this fix permanent".
I have retried and the problem is solved. Using phpinfo(), I looked at the server environment, and now they set the HTTP_X_FORWARDED_PORT to 443.
Pirate96, are you also hosting at one.com?
Please Log in or Create an account to join the conversation.
- Pirate96
- Offline
- New Member
stijnh wrote: It seems indeed that you have the same issue. If you look at the environment, check what the value is for HTTP_X_FORWARDED_PORT. If it is not set, then it explains why webtrees behaves this way.
Meanwhile, I got a response from my hosting provider (one.com): "We have placed a temporary fix. Please retry and give us feeback so we can make this fix permanent".
I have retried and the problem is solved. Using phpinfo(), I looked at the server environment, and now they set the HTTP_X_FORWARDED_PORT to 443.
I do not have a value for HTTP_X_FORWARDED_PORT, however that should not be an issue. The problem comes when webtrees is trying to add a port to the string.
Actually looking at php bugs it is not a php issue and this indicates that is a server config/ mod_rewrite issue.
stijnh wrote: Pirate96, are you also hosting at one.com?
No, I am using WebFaction quite happily I might add!
Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Please Log in or Create an account to join the conversation.
- Pirate96
- Offline
- New Member
wokokon.com:24088/webtree/login.php
So I decided to do a fresh install and had the same exact experience
I can get the webtrees. site to behave by changing the following line from
to the following
I have tried setting the base url via Control Panel--> Websites-->Website URL with no success.
That appears to be a bug with webtrees in my opinion as the application should not be trying the $port when the base url is set.
The great news is that my webtrees site is now working all the time over https and I now have a working nginx and php-fpm installation that I can spin up as needed.
Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Please Log in or Create an account to join the conversation.
- stijnh
- Topic Author
- Visitor
* When a server is a forwarding proxy, and the port is not a standard port, then the proxy should set the HTTP_X_FORWARDED_PORT environment, otherwise, there is no way for webtrees to know on which port urls must be requested
* However, we now have 2 providers that do not set the HTTP_X_FORWARDED_PORT when running on a default port (https in both examples). Here, webtrees incorrectly uses "SERVER_PORT" which will be 80, but not correct. The port 80 is not a standard port for HTTPS, so webtrees generates url of the form https://domain:80. I also consider this as a bug.
A bug report is already created: bugs.launchpad.net/webtrees/+bug/1462827
Status of bug remains 'new' and 'unassigned'
Perhaps with a second user reporting it in the forum, it will get more attention...
Please Log in or Create an account to join the conversation.
- stijnh
- Topic Author
- Visitor
You can't set the url via Control Panel. It's a drop-down that will only let to choose from domains it detects. This is done deliberately to avoid users setting an incorrect value which lock them out their own site. In this case, that works against us
Please Log in or Create an account to join the conversation.
- fisharebest
- Away
- Administrator
I aim to fix all reported bugs (eventually!). If there were more hours in the day, I would fix them sooner...
> A bug report is already created: bugs.launchpad.net/webtrees/+bug/1462827
> Status of bug remains 'new' and 'unassigned'
The launchpad bug tracker hasn't been used for some time (although I am aware of this bug report). New bugs should be reported on the github issue tracker github.com/fisharebest/webtrees/issues The github tracker is so much nicer. It doesn't email your own comments back to you, it lets you edit your post to fix typos, it lets you use formatting and inline attachments, it lets you close bugs automatically by including their number in the commit message, etc., etc.
I just haven't had time to set up a test proxy server to make sure that any fix doesn't break existing logic.
> The great news is that my webtrees site is now working all the time over https and I now have a working nginx and php-fpm
So does mine fisharebest.webtrees.net
I simply added
Now there are thousands of ways to configure webservers and proxy servers. You have chosen to set HTTP_X_FORWARDED_PROTO (but not HTTP_X_FORWARDED_PORT). I have not used this configuration myself, and always assumed the two would be used together. They were for the first person who asked for HTTP_X_FORWARDED to be supported.
What I intend to do is look at some other frameworks (e.g. symfony) and follow similar logic to them.
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- stijnh
- Topic Author
- Visitor
And next time:
- I will first post something in the forum
- and only then if needed, a bug report in the correct bug tracking tool
Please Log in or Create an account to join the conversation.
- Pirate96
- Offline
- New Member
stijnh wrote: Pirate96: You will need to redo that change on every webtrees update
Took me longer to remember where the sessions.php file was then it did to update webtrees to 1.7.2 and make the change to the file.
Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Please Log in or Create an account to join the conversation.
- Pirate96
- Offline
- New Member
That said it is smoking fast on php 7.0
Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Please Log in or Create an account to join the conversation.
- Pirate96
- Offline
- New Member
Great job.
Just upgraded to 1.7.11 and did not have to make any changes as I had in prior upgrades!
Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Please Log in or Create an account to join the conversation.
- fisharebest
- Away
- Administrator
It handles a much wider range of server configurations.
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- Pirate96
- Offline
- New Member
Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Please Log in or Create an account to join the conversation.