MantisBT - Pending Requests
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001186Pending RequestsCore Infrastructurepublic2012-09-26 01:002014-07-03 17:04
Reporterlaussetdelon 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001186: Web2project through reverse proxy (3.0 pre)
DescriptionAs many of my sites, I tried to put Web2project throught a reverse proxy.
Following this :
<VirtualHost>
ProxyPreserveHost On
ProxyPass / http://192.168.0.91/project/
ProxyPassReverse / http://192.168.0.91/project/
ServerName project.mydomain.tld
CustomLog /var/log/apache2/access-project.log combined
</VirtualHost>

All the other sites are OK, not web2project. I succeed to get into home page after authentification but any action from there is bringing me back to authentification page.
Do you have a clue ?

Thnak you
TagsNo tags attached.
Relationships
duplicate of 0000566closed caseydk Reverse Proxy Handling 
Attached Files? security.php (146) 1969-12-31 16:00
https://bugs.web2project.net/file_download.php?file_id=412&type=bug
patch base.php.patch (864) 1969-12-31 16:00
https://bugs.web2project.net/file_download.php?file_id=413&type=bug

Notes
(0003032)
jmfg1973   
2013-11-21 11:58   
(Last edited: 2013-11-21 12:00)
My solution:

My proxy configuration:

<Location /project>
        ProxyPreserveHost On
        # necessary only if protocol change
        RequestHeader set X-Forwarded-Proto "https" early
        ProxyPass / http://[internal ip]/[internal direcotry]/
        ProxyPassReverse / http://[internal ip]/[internal direcotry]/
</Location>

Following code changes:
add file include/security.php

<?php

global $w2Psecurity;

// external host include protocol
$w2Psecurity['X-Forwarded-URL'] = 'https://web2project.example.com';

?>

patched base.php
53,55c53,67
< $baseUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 'https://' :
< 'http://';
< $baseUrl .= safe_get_env('HTTP_HOST');
---
> if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
> $baseUrl=$_SERVER['HTTP_X_FORWARDED_PROTO'] . '://' . $_SERVER['HTTP_X_FORWARDED_HOST'];
>
> require_once($baseDir . '/includes/security.php');
> if (!isset($w2Psecurity['X-Forwarded-URL'])) {
> $baseUrl='';
> } else if (strcmp($baseUrl,$w2Psecurity['X-Forwarded-URL']) != 0) {
> $baseUrl='';
> }
> }
> if (strlen($baseUrl) === 0) {
> $baseUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 'https://' :
> 'http://';
> $baseUrl .= safe_get_env('HTTP_HOST');
> }
61d72
<
131c142
< define('QUERY_STYLE_NUM', 1);
\ No newline at end of file
---
> define('QUERY_STYLE_NUM', 1);

Issue History
Date ModifiedUsernameFieldChange
2012-09-26 01:00laussetdelonNew Issue
2012-11-21 21:37caseydkProjectv3.0 Release => Pending Requests
2013-11-21 11:57jmfg1973File Added: security.php
2013-11-21 11:58jmfg1973Note Added: 0003032
2013-11-21 11:59jmfg1973File Added: base.php.patch
2013-11-21 12:00jmfg1973Note Edited: 0003032
2014-01-01 16:37caseydkSummaryWeb2project throught reverse proxy (3.0 pre) => Web2project through reverse proxy (3.0 pre)
2014-04-05 17:29caseydkCategoryGeneral => Core Infrastructure
2014-07-03 17:04caseydkRelationship addedduplicate of 0000566