Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

seems like http to https redirect is not working #265

Closed
may17 opened this issue May 13, 2018 · 16 comments
Closed

seems like http to https redirect is not working #265

may17 opened this issue May 13, 2018 · 16 comments
Assignees

Comments

@may17
Copy link

may17 commented May 13, 2018

  • operating system OSX
  • docker version 18.03.0-ce
  • docker-compose version version 1.20.1, build 5d8c71b

First of all thanks a lot for the new https feature.

I`ve got one troubleshoot atm. It seems like the redirect from http to https is not working. I could open http://myproject.loc and https://myproject.loc and both are working. Shouldn`t been http://myproject.loc redirected to https://myproject.loc?

I am using HTTPD_SERVER nginx-stable with the default nginx template.

@cytopia
Copy link
Owner

cytopia commented May 13, 2018

The default is to have both, http and https.

A redirect can however be accomplished by setting:

      - MAIN_VHOST_SSL_TYPE=both

to

      - MAIN_VHOST_SSL_TYPE=redir

in docker-compose.yml

It is not yet a configurable variable in .env as it was not yet properly tested. Feel free to report back here how that works.

@may17
Copy link
Author

may17 commented May 13, 2018

Thank you for your fast response. I`ve changed the MAIN_VHOST_SSL_TYPE to redir but it has no effect. The "problem" still exists.

If i changed it to redirect (Just to test if changes are reconized) the log shows me an error after running docker-compose up as expected.

[ERR] Invalid value for $MAIN_VHOST_SSL_TYPE: 'redirect'. Allowed: plain, ssl, both or redir

@cytopia
Copy link
Owner

cytopia commented May 13, 2018

It should be redir, not redirect

@cytopia
Copy link
Owner

cytopia commented May 13, 2018

There are actually two places:

      - MAIN_VHOST_SSL_TYPE=redir
      - MASS_VHOST_SSL_TYPE=redir

@may17
Copy link
Author

may17 commented May 13, 2018

I`ve added redir to MAIN_VHOST_SSL_TYPE and MASS_VHOST_SSL_TYPE but it is still not redirecting.

@cytopia
Copy link
Owner

cytopia commented May 16, 2018

It does work fine for me. What is the output of docker logs after applying the above settings?

@cytopia cytopia self-assigned this May 16, 2018
@cytopia
Copy link
Owner

cytopia commented Jul 17, 2018

@may17 is this still an issue for you?

@cytopia cytopia added the issue:stale This issue has become stale and is marked for auto-close label Sep 22, 2018
@cytopia
Copy link
Owner

cytopia commented Sep 30, 2018

This issue will be closed due to staleness.

Add required information in order to have it re-opened.

@cytopia cytopia closed this as completed Sep 30, 2018
@iKlsR
Copy link

iKlsR commented Jun 26, 2019

This isn't working for me either. Win 10 1903. Latest master. .env is basically stock sans the IDs.

@cytopia cytopia removed the issue:stale This issue has become stale and is marked for auto-close label Nov 25, 2019
@nicolabeghin
Copy link

nicolabeghin commented Dec 10, 2019

I confirm the same issue, by setting both MAIN_VHOST_SSL_TYPE and MASS_VHOST_SSL_TYPE to redir no automatic redirect happens from HTTP to HTTPS. I'm on stock (updated) devilbox, apache-2.4 and php-fpm

image

Generated vhost /etc/httpd/vhost.d/sia.conf in httpd container is missing the redirect option part
image

<VirtualHost *:443>
    ServerName sia.loc
    Protocols  h2 http/1.1

    CustomLog  "/var/log/apache-2.4/sia_ssl-access.log" combined
    ErrorLog   "/var/log/apache-2.4/sia_ssl-error.log"


    SSLEngine on
    SSLCertificateFile    "/etc/httpd/cert/mass/sia.loc.crt"
    SSLCertificateKeyFile "/etc/httpd/cert/mass/sia.loc.key"
    SSLProtocol           TLSv1 TLSv1.1 TLSv1.2
    SSLHonorCipherOrder   on
    SSLCipherSuite        HIGH:!aNULL:!MD5

    # Define the vhost to serve files
    DocumentRoot "/shared/httpd/sia/htdocs"
    <Directory "/shared/httpd/sia/htdocs">
        DirectoryIndex index.php index.html index.htm

        AllowOverride All
        Options All

        RewriteEngine on
        RewriteBase /

        Order allow,deny
        Allow from all
        Require all granted
    </Directory>


    # In case for PHP-FPM 5.2 compatibility use 'GENERIC' instead of 'FPM'
    # https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#proxyfcgibackendtype
    ProxyFCGIBackendType FPM

    # PHP-FPM Definition
    <FilesMatch \.php$>
        Require all granted
        SetHandler proxy:fcgi://php:9000
    </FilesMatch>

    <Proxy "fcgi://php:9000/">
        ProxySet timeout=180
        ProxySet connectiontimeout=180
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

    # Alias Definition
    Alias "/devilbox-api/" "/var/www/default/api/devilbox-api/"
    <Location "/devilbox-api/">
        # Allow cross domain request from these hosts
        SetEnvIf Origin "http(s)?://(.*)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
        Header always set Access-Control-Max-Age "0"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
    <Directory "/var/www/default/api/devilbox-api/">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    # Deny Definition
    <FilesMatch "/\.git">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Deny Definition
    <FilesMatch "/\.ht.*">
        Order allow,deny
        Deny from all
    </FilesMatch>


    # Custom directives

</VirtualHost>
<VirtualHost *:80>
    ServerName sia.loc
    Protocols  http/1.1

    CustomLog  "/var/log/apache-2.4/sia-access.log" combined
    ErrorLog   "/var/log/apache-2.4/sia-error.log"



    # Define the vhost to serve files
    DocumentRoot "/shared/httpd/sia/htdocs"
    <Directory "/shared/httpd/sia/htdocs">
        DirectoryIndex index.php index.html index.htm

        AllowOverride All
        Options All

        RewriteEngine on
        RewriteBase /

        Order allow,deny
        Allow from all
        Require all granted
    </Directory>


    # In case for PHP-FPM 5.2 compatibility use 'GENERIC' instead of 'FPM'
    # https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#proxyfcgibackendtype
    ProxyFCGIBackendType FPM

    # PHP-FPM Definition
    <FilesMatch \.php$>
        Require all granted
        SetHandler proxy:fcgi://php:9000
    </FilesMatch>

    <Proxy "fcgi://php:9000/">
        ProxySet timeout=180
        ProxySet connectiontimeout=180
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

    # Alias Definition
    Alias "/devilbox-api/" "/var/www/default/api/devilbox-api/"
    <Location "/devilbox-api/">
        # Allow cross domain request from these hosts
        SetEnvIf Origin "http(s)?://(.*)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
        Header always set Access-Control-Max-Age "0"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
    <Directory "/var/www/default/api/devilbox-api/">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    # Deny Definition
    <FilesMatch "/\.git">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Deny Definition
    <FilesMatch "/\.ht.*">
        Order allow,deny
        Deny from all
    </FilesMatch>


    # Custom directives

</VirtualHost>

Would like to be able to help more and debug the vgen generation somehow but as of right now I have no clue where to start!

@cytopia
Copy link
Owner

cytopia commented Dec 10, 2019

Re-opening, will have a closer look at vhost-gen.

@nicolabeghin
Copy link

Any news on this? I would like to help, if some hint can be provided!

@cytopia
Copy link
Owner

cytopia commented Dec 31, 2019

It does work on the intranet with MAIN_VHOST_SSL_TYPE=redir. However it does not work on the projects via MASS_VHOST_SSL_TYPE=redir. I am still troubleshooting this.

@nicolabeghin
Copy link

saw the commit, great work @cytopia, kudos!!!

@cytopia cytopia closed this as completed in ff143fe Jan 2, 2020
@cytopia
Copy link
Owner

cytopia commented Jan 2, 2020

Now fixed in v1.4.0

cytopia added a commit that referenced this issue Jan 4, 2020
@cytopia cytopia mentioned this issue Jan 4, 2020
@cytopia
Copy link
Owner

cytopia commented Jan 5, 2020

Now it is configurable via .env

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants