we have a running page with Typo3 v9.5 and switched to Typo3 v11.
There is a big problem with the Site Configuration. If we set the Entry Point to protocol https we got 404 errors on all pages. If we set the protocol to http it works as expected also with https://.
In front of the Apache we have a HAProxy which unpack the https and redirect the queries to a varnish proxy and the varnish redirects to Apache Servers (more than one).
One more problem with this http Entry Point is that a call to https://mypage/typo3/ results in a redirect to insecure http://mypage/typo3/ which will not be accepted.
What I have to change so that the Entry Point uses https protocol and an access to my pages do not result in 404 errors?
Thanks #julian-hofmann for the tip again.
In our environment I need the following settings in the AdditionalConfiguration.php
$GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL'] = '*';
# there is more than one reverseProxyIP
$GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] = '*';
# removes from http header x_forwarded_for the last entry (proxy)
$GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue'] = 'last';
And have to set the http header variable x_forwarded_proto to https also.
Now it works as expected.
Related
I'm trying to implement URL redirects from http to https as described by [https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management][1] but I'm getting ERR_TOO_MANY_REDIRECTS
I have a storage bucket with a very simple HTML page.
I have an external HTTP load balancer in front of it. Static IP address. SSL cert. I managed to connect everything so that both http and https requests for the site load the contents of the bucket.
I tried to add the HTTP redirect as per the document:
Changes 'Host and path rules' from 'Simple' to 'Advanced...'.
The default route still points to the bucket
I added a new route. Host is 'www.example.com. The default path rule points to the bucket. The second path rule matches /* and does a prefix/HTTPS redirect as described in the above link.
Once the config is saved, either http or https requests to www.example.com results in ERR_TOO_MANY_REDIRECTS
What am I doing wrong? Really appreciate any help you can provide.
[Backend configuration][2]
[Frontend configuration][3]
[Host and path rules][4]
[Redirect path rule][5]
[1]: https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management
[2]: https://i.stack.imgur.com/lkhUF.png
[3]: https://i.stack.imgur.com/FYst0.png
[4]: https://i.stack.imgur.com/zsTOX.png
[5]: https://i.stack.imgur.com/2tEDE.png
FYI - someone in Google Groups pointed out that I needed 2 load balancers. 1 to terminate the HTTPS traffic and the second to redirect the HTTP traffic. Works like a charm.
An unwanted redirection happens on the host server if I browsed for https it redirects me to HTTP and notices that I haven't any redirection rule to HTTP. the odd thing is that I can browse my app in https from any other device it works well, but not from the host itself. Another thing to notice is that I can bind the site to any other https port and it works well from anywhere, but I want to use the default https port.
I'm using IIS 8.
so any help on this issue?!
Some browsers are caching redirects. You need to clear your browser's cache and try again
So I have spinnaker running behind an https load balancer and my external ports use the standard 443 which get port mapped to the spinnaker instance still on port 9000. I've gotten pretty much everything to work except a redirect from gate is still appending the :9000 port to my URL.
requests sent to https://my.url.com/gate/auth/redirect?to=https://my.url.com/#/infrastructure send back a redirect response with the location header in the 301 location:https://my.url.com:9000/gate/login which fails because the load balancer is only listening for 443. If I manually delete the port and go right to https://my.url.com/gate/login the oauth flow works as expected and once authed all deck functionality and subsequent gate queries work as expected.
In my /etc/default/spinnaker file I have
SPINNAKER_DECK_BASEURL=https://my.url.com
SPINNAKER_GATE_BASEURL=https://my.url.com/gate
in /opt/spinnaker/config/gate-googleOAuth.yml I have
spring:
oauth2:
client:
preEstablishedRedirectUri: ${SPINNAKER_GATE_BASEURL}/login
useCurrentUri: false
and I've ran /opt/spinnaker/bin/reconfigure_spinnaker.sh plus restarts to make sure deck and gate get updated. Does anyone have any ideas what I might be missing?
I figured out my problem. With the help of this issue pointing me in the right direction (https://github.com/spinnaker/spinnaker/issues/1112) and some digging I found that the issue was with apache2 and the reverse proxy back to gate.
ProxyPassReverse
This directive lets Apache httpd adjust the URL in the Location, Content-Location
and URI headers on HTTP redirect responses. This is essential when Apache httpd
is used as a reverse proxy (or gateway) to avoid bypassing the reverse proxy because
of HTTP redirects on the backend servers which stay behind the reverse proxy.
from apache2 documentation https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse
I've got my application on facebook. Its working on https. Recently I've set up the apache reverse proxy. Proxy is doing redirect from https to http port 8080 of tomcat. The game is working if accessed directly. While if accessed from facebook there is an error:
Mixed Content: The page at
'https://apps.facebook.com/pennantrace/?fb_source=bookmark&ref=bookmarks&count=0&fb_bmpos=_0'
was loaded over HTTPS, but requested an insecure form action
'http://thepennantrace.com/'. This request has been blocked; the
content must be served over HTTPS.
UPDATE 1:
I've set spring social facebook's canvas controller's post login url to the "https://..." now it works but tomcat is redirecting the call to https://...com to the http://....com/resources/index.html
Seems like all redirects from tomcat are passed as they are (http) without changing the protocol to the https.
I fixed it by setting apache to use X-Forwarded-Proto
And tomcat to respond on that correctly.
I've got a problem accessing futon interface when it is proxied using nginx.
This config works fine when http protocol is used, but when I try to use
https, I constantly receive no_db_file errors (but operations succeed,
e.g. I can create databases, insert values, etc.)
location / {
proxy_pass http://127.0.0.1:5984;
}
What can I do to make it work correctly using https protocol?
I have used Apache proxying to proxy https to http to do https on CouchDB: http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy
I have found that a trailing slash on the URL affects whether or not https proxying works. Maybe it affects Nginx the same way?
That's not bad! At least you have a working link between nginx and CouchDB.
no_db_file is CouchDB's 404 response when a database (the first thing after the slash) is not there. Check the logs and see what path CouchDB actually received in the query. It may be one of the AJAX calls that Futon does; but whatever it is, the logs will say.