Ignoring HTTPS APP_URL

[denwilliams]

I have this running on AWS ECS behind an AWS load balancer:

[Browser] -https-> [ELB] -http-> [Container]

With the APP_URL env var set to https://status....

However when opening the dashboard all the links are http://status.... In addition the subscribe form tries to post to http://...

I'm not sure what is rewriting the URLs. I haven't specified HTTP anywhere.
The container itself runs on HTTP.

Any configuration I'm missing, or is something awry here?

[fotto1]

I have exactly the same issue any progress on this issue?

[cit1zen]

I have the same problem in OpenShift cluster.

[aberfeldy]

Same here, seems APP_URL is ignored for creating routes. Only got it working by adding

\URL::forceSchema('https');
to app/Foundation/Providers/AppServiceProvider.php

But using the docker image, I don't want to hack around with the file on deployment. Would be nice if cachet would be using the https in the APP_URL for generating routes.

[djdefi]

cc @CachetHQ/core ☝️

[joecohens]

APP_URL is just used for console commands at the moment, when installing Cachet behind a load balancer the http/https protocol it's resolved by the TrustedProxies middleware. The config for the trusted ip ranges is at config/trustedproxies.php.

@denwilliams Can you confirm which version of Cachet are you using?

[aberfeldy]

Well that's not really working with AWS-ELB's. ELB's don't really have an IP, they have a pool, which can vary depending on the traffic.

For example at the moment my cachet-ELB is returning 52.58.X.X, 212.86.X.X and 18.196.X.X, calculating the possible range would be impossible.

A config option, e.g. setting USE_HTTPS to enforce https usage in the app would at least be more helpful in an AWS like environment.

[denwilliams]

Sorry @joecohens I missed that question.

I was using :latest so not sure what version it was actually running at the time.
I'm now explicitly using 2.3.13 with the same issue.

[asyd]

Thanks for the tip @joecohens that did the work! Maybe you should add rfc1928 prefix as well by default?

[denwilliams]

Have the same problem as @aberfeldy - using AWS ELBs.

Would be great if we could override or add to trusted proxies by environment variable.

[ChrisTerBeke]

Same issue here on Google Cloud Kubernetes using the Nginx ingress controller (LB level 7).

[ghost]

Same here using nginx

[djdefi]

Reopening here as we should include this in the entrypoint as a possible runtime env option

[peter-t-kim]

Hi,

I used @aberfeldy 's \URL::forceSchema('https'); solution to get the redirects to use https after setup page and within the dashboard, but for some reason after clicking the "Status Page" icon in the bottom-left of the dashboard, and logging in at https:///auth/login, the redirect uses http again when redirecting to the dashboard and I get an error:

400 Bad Request
The plain HTTP request was sent to HTTPS port

Not sure why the redirects from setup and within the dashboard all work but from /auth/login does not. Any advice?

[thomvaill]

If you are still interested, I posted a Dockerfile example that fixes (in an ugly way) this issue: cachethq/cachet#3952