Web based family history software

Question derive port from HTTP_X_FORWARDED_PROTO

  • stijnh
  • Topic Author
  • Visitor
  • Visitor
8 years 8 months ago - 8 years 8 months ago #1 by stijnh
I am hosting my webtrees ( www.haezebrouck.be ) at One.com and ran into problems when enabeling https.
When https is enabled, webtrees (1.6.x, 1.7.0, 1.7.1) generates absolute URLs like www.haezebrouck.be:80 (with https protocol!) which is incorrect of course.

When we look at the HTTP headers and server environment:
$_SERVER when accessing over www.haezebrouck.be :
HTTP_X_FORWARDED_PROTO => null
HTTP_X_FORWARDED_PORT => null
HTTP_X_ONECOM_FORWARDED_PROTO => http
HTTPS => null
SERVER_NAME => www.haezebrouck.be
SERVER_PORT => 80
REDIRECT_URL => null
-> pretty normal

$_SERVER when accessing over www.haezebrouck.be :
HTTP_X_FORWARDED_PROTO => https
HTTP_X_FORWARDED_PORT => null (ouch)
HTTP_X_ONECOM_FORWARDED_PROTO => https
HTTPS => on
SERVER_NAME => www.haezebrouck.be
SERVER_PORT => 80 (proxied as HTTP to PHP)
REDIRECT_URL => null

So when accessing over https:
* HTTPS request are proxied as HTTP request to PHP (but that's ok)
* The HTTP_X_FORWARDED_PROTO is set to https
* But the HTTP_X_FORWARDED_PORT is NOT set. And this causes the problem for webtrees.

In de code, includes/session.php, the $port is retrieved as:
Code:
$port = Filter::server('HTTP_X_FORWARDED_PORT', '80|443', Filter::server('SERVER_PORT', null, '80'));

In my example, the outcome for $port is read from SERVER_PORT, which is 80 and incorrect in this case.

In my opinion, when the variable HTTP_X_FORWARDED_PROTO is set, but HTTP_X_FORWARDED_PORT is not, the port should be derived as the default port from the protocol given at HTTP_X_FORWARDED_PROTO, instead of falling back to SERVER_PORT.
If neither HTTP_X_FORWARDED_PROTO or HTTP_X_FORWARDED_PORT are defined, then and only then should SERVER_PORT be used.

I have made the following change to my session.php to get it working with https on One.com:

Code:
if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) { $port = $_SERVER['HTTP_X_FORWARDED_PORT']; } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $port='443'; } else { $port='80'; } } elseif (isset($_SERVER['SERVER_PORT'])) { $port = $_SERVER['SERVER_PORT']; } else { $port = '80'; }

Is this a more correct way of deriving the port number in case of a proxy?

I first opened a webtrees bug report (sorry, I should have posted this before opening the bug report)
bugs.launchpad.net/webtrees/+bug/1462827
The bug was reported in june, the bug is still new and unassigned, but the discussion within the bug report is stalled.

I also have opened a support ticket with one.com asking why they do set the HTTP_X_FORWARDED_PROTO and not HTTP_X_FORWARDED_PORT. I will post their answer here when I get it.
Last edit: 8 years 8 months ago by stijnh. Reason: https was hidden in the text because of forum auto hyperlinking

Please Log in or Create an account to join the conversation.

More
8 years 8 months ago #2 by Pirate96
Replied by Pirate96 on topic derive port from HTTP_X_FORWARDED_PROTO
I am trying to move my website to all https all the time.

If I make SERVER_URL and LOGIN_URL blank then I am seeing the same behavior with SERVER_PORT.

The URL for login that works wokokon.com/webtree/login.php

The URL after hitting login button wokokon.com:80/webtree/login.php


Here is a pretty good explanation of the enviroment on the Host

Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46

Please Log in or Create an account to join the conversation.

  • stijnh
  • Topic Author
  • Visitor
  • Visitor
8 years 8 months ago - 8 years 8 months ago #3 by stijnh
Replied by stijnh on topic derive port from HTTP_X_FORWARDED_PROTO
It seems indeed that you have the same issue. If you look at the environment, check what the value is for HTTP_X_FORWARDED_PORT. If it is not set, then it explains why webtrees behaves this way.

Meanwhile, I got a response from my hosting provider (one.com): "We have placed a temporary fix. Please retry and give us feeback so we can make this fix permanent".

I have retried and the problem is solved. Using phpinfo(), I looked at the server environment, and now they set the HTTP_X_FORWARDED_PORT to 443.

Pirate96, are you also hosting at one.com?
Last edit: 8 years 8 months ago by stijnh. Reason: I always post and then re-read for errors

Please Log in or Create an account to join the conversation.

More
8 years 8 months ago - 8 years 8 months ago #4 by Pirate96
Replied by Pirate96 on topic derive port from HTTP_X_FORWARDED_PROTO

stijnh wrote: It seems indeed that you have the same issue. If you look at the environment, check what the value is for HTTP_X_FORWARDED_PORT. If it is not set, then it explains why webtrees behaves this way.

Meanwhile, I got a response from my hosting provider (one.com): "We have placed a temporary fix. Please retry and give us feeback so we can make this fix permanent".

I have retried and the problem is solved. Using phpinfo(), I looked at the server environment, and now they set the HTTP_X_FORWARDED_PORT to 443.


I do not have a value for HTTP_X_FORWARDED_PORT, however that should not be an issue. The problem comes when webtrees is trying to add a port to the string.

Actually looking at php bugs it is not a php issue and this indicates that is a server config/ mod_rewrite issue.

stijnh wrote: Pirate96, are you also hosting at one.com?


No, I am using WebFaction quite happily I might add!

Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46
Last edit: 8 years 8 months ago by Pirate96. Reason: clarfication

Please Log in or Create an account to join the conversation.

More
8 years 8 months ago #5 by Pirate96
Replied by Pirate96 on topic derive port from HTTP_X_FORWARDED_PROTO
So I configured a backend nginx server for my webtrees site and still was seeing the same error. I could tell it was picking up the value of the port at it was trying to make the url as follows.

wokokon.com:24088/webtree/login.php


So I decided to do a fresh install and had the same exact experience


I can get the webtrees. site to behave by changing the following line from
Code:
#define('WT_BASE_URL', $protocol . '://' . $host . $port . $path);

to the following
Code:
define('WT_BASE_URL', $protocol . '://' . $host . $path);

I have tried setting the base url via Control Panel--> Websites-->Website URL with no success.

That appears to be a bug with webtrees in my opinion as the application should not be trying the $port when the base url is set.


The great news is that my webtrees site is now working all the time over https and I now have a working nginx and php-fpm installation that I can spin up as needed.

Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46

Please Log in or Create an account to join the conversation.

  • stijnh
  • Topic Author
  • Visitor
  • Visitor
8 years 7 months ago #6 by stijnh
Replied by stijnh on topic derive port from HTTP_X_FORWARDED_PROTO
It seems to be a webtrees bug indeed.

* When a server is a forwarding proxy, and the port is not a standard port, then the proxy should set the HTTP_X_FORWARDED_PORT environment, otherwise, there is no way for webtrees to know on which port urls must be requested
* However, we now have 2 providers that do not set the HTTP_X_FORWARDED_PORT when running on a default port (https in both examples). Here, webtrees incorrectly uses "SERVER_PORT" which will be 80, but not correct. The port 80 is not a standard port for HTTPS, so webtrees generates url of the form https://domain:80. I also consider this as a bug.

A bug report is already created: bugs.launchpad.net/webtrees/+bug/1462827
Status of bug remains 'new' and 'unassigned'

Perhaps with a second user reporting it in the forum, it will get more attention...

Please Log in or Create an account to join the conversation.

  • stijnh
  • Topic Author
  • Visitor
  • Visitor
8 years 7 months ago - 8 years 7 months ago #7 by stijnh
Replied by stijnh on topic derive port from HTTP_X_FORWARDED_PROTO
Pirate96: You will need to redo that change on every webtrees update

You can't set the url via Control Panel. It's a drop-down that will only let to choose from domains it detects. This is done deliberately to avoid users setting an incorrect value which lock them out their own site. In this case, that works against us :-)
Last edit: 8 years 7 months ago by stijnh.

Please Log in or Create an account to join the conversation.

  • fisharebest
  • Away
  • Administrator
  • Administrator
More
8 years 7 months ago #8 by fisharebest
Replied by fisharebest on topic derive port from HTTP_X_FORWARDED_PROTO
> Perhaps with a second user reporting it in the forum, it will get more attention...

I aim to fix all reported bugs (eventually!). If there were more hours in the day, I would fix them sooner...

> A bug report is already created: bugs.launchpad.net/webtrees/+bug/1462827
> Status of bug remains 'new' and 'unassigned'

The launchpad bug tracker hasn't been used for some time (although I am aware of this bug report). New bugs should be reported on the github issue tracker github.com/fisharebest/webtrees/issues The github tracker is so much nicer. It doesn't email your own comments back to you, it lets you edit your post to fix typos, it lets you use formatting and inline attachments, it lets you close bugs automatically by including their number in the commit message, etc., etc.

I just haven't had time to set up a test proxy server to make sure that any fix doesn't break existing logic.

> The great news is that my webtrees site is now working all the time over https and I now have a working nginx and php-fpm

So does mine :-) fisharebest.webtrees.net

I simply added
Code:
fastcgi_param HTTPS on;
to the vhost defintion - to match the parameters set by Apache.

Now there are thousands of ways to configure webservers and proxy servers. You have chosen to set HTTP_X_FORWARDED_PROTO (but not HTTP_X_FORWARDED_PORT). I have not used this configuration myself, and always assumed the two would be used together. They were for the first person who asked for HTTP_X_FORWARDED to be supported.

What I intend to do is look at some other frameworks (e.g. symfony) and follow similar logic to them.

Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net

Please Log in or Create an account to join the conversation.

  • stijnh
  • Topic Author
  • Visitor
  • Visitor
8 years 7 months ago #9 by stijnh
Replied by stijnh on topic derive port from HTTP_X_FORWARDED_PROTO
Thanks fisharebest for your feedback.

And next time:
- I will first post something in the forum
- and only then if needed, a bug report in the correct bug tracking tool

Please Log in or Create an account to join the conversation.

More
8 years 7 months ago #10 by Pirate96
Replied by Pirate96 on topic derive port from HTTP_X_FORWARDED_PROTO

stijnh wrote: Pirate96: You will need to redo that change on every webtrees update


Took me longer to remember where the sessions.php file was then it did to update webtrees to 1.7.2 and make the change to the file.

Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46

Please Log in or Create an account to join the conversation.

More
8 years 6 days ago #11 by Pirate96
Replied by Pirate96 on topic derive port from HTTP_X_FORWARDED_PROTO
Took me longer once again to find the session.php to edit then the upgrade to 1.7.4.


That said it is smoking fast on php 7.0

Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46

Please Log in or Create an account to join the conversation.

More
5 years 6 months ago #12 by Pirate96
Replied by Pirate96 on topic derive port from HTTP_X_FORWARDED_PROTO
I do not believe anything changed on the Web Hosting side, however a quick note to the Devs.......

Great job.

Just upgraded to 1.7.11 and did not have to make any changes as I had in prior upgrades!

Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46

Please Log in or Create an account to join the conversation.

  • fisharebest
  • Away
  • Administrator
  • Administrator
More
5 years 6 months ago #13 by fisharebest
Replied by fisharebest on topic derive port from HTTP_X_FORWARDED_PROTO
Since 1.7.10, we now use the Symfony http-foundation library to identify the server/request setup.

It handles a much wider range of server configurations.

Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net

Please Log in or Create an account to join the conversation.

More
5 years 6 months ago #14 by Pirate96
Replied by Pirate96 on topic derive port from HTTP_X_FORWARDED_PROTO
I thought that was the change. Superb job on a wonderful project!

Operating System: Fedora 30, Browser: Firefox 71.0, WebHost: WebFaction, Server OS: CentOS 7, webtrees 2.0.1 Apache 2.4.6, PHP 7.3.12, MySQL 5.6.46

Please Log in or Create an account to join the conversation.

Powered by Kunena Forum
}