Issue #56: [doc] Application not 'remembering' custom port

Reported by:	Dan Fedak
State:	new
Created on:	2014-11-26 00:20
Updated on:	2015-08-15 02:43

Description

When configuring on non-standard port (e.g. 8443) through proxy front-end such as NGINX, the application seems to sometimes 'forget' the port, especially on form submits.

Attachments

Comments

Comment by Mads Kiilerich, on 2014-11-26 00:28

It do remember the port if you configure the wsgi environment correctly - especially that the front-end forwards the connection info correctly to the back-end web server.

This report do not give much indication of what the setup is and whether it follows the advices in the documentation.

/me do totally not understand why people insist on running a two-tier setup when it is so much more complicated than apache+mod_wsgi.

Comment by Dan Fedak, on 2014-11-26 00:50

Proxy settings are this (from wiki):

proxy_redirect              off;
proxy_set_header            Host $host;
## needed for container auth
#proxy_set_header            REMOTE_USER $remote_user;
#proxy_set_header            X-Forwarded-User $remote_user;
proxy_set_header            X-Url-Scheme $scheme;
proxy_set_header            X-Host $http_host;
proxy_set_header            X-Real-IP $remote_addr;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header            Proxy-host $proxy_host;
#proxy_set_header X-Forwarded-Proto https;
proxy_buffering             off;
proxy_connect_timeout       7200;
proxy_send_timeout          7200;
proxy_read_timeout          7200;
proxy_buffers               8 32k;
client_max_body_size        1024m;
client_body_buffer_size     128k;
large_client_header_buffers 8 64k;

Comment by Dan Fedak, on 2014-11-26 00:54

Main NGINX.conf file is this (again from wiki):

upstream rc {
    server 127.0.0.1:5000;
    # add more instances for load balancing
    #server 127.0.0.1:5001;
    #server 127.0.0.1:5002;
}

server {
   listen          8443;
   server_name     hghub.server.com;
   access_log      /usr/local/var/log/nginx/hghub.access.log;
   error_log       /usr/local/var/log/nginx/hghub.error.log;

   ssl on;
   ssl_certificate     /usr/local/etc/openssl/certs/server_wildcard.crt;
   ssl_certificate_key /usr/local/etc/openssl/private/server_wildcard.key;

   ssl_session_timeout 5m;

   ssl_protocols SSLv3 TLSv1;
   ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
   ssl_prefer_server_ciphers on;

   ## uncomment root directive if you want to serve static files by nginx
   ## requires static_files = false in .ini file
   #root /path/to/installation/kallithea/public;
   include         /usr/local/etc/nginx/proxy.conf;
   location / {
        try_files $uri @rhode;
   }

   location @rhode {
        proxy_pass      http://rc;
   }

}

Comment by Mads Kiilerich, on 2014-11-26 00:56

Kallithea version?

Backend setup?

Comment by Thomas De Schampheleire, on 2015-05-06 19:58

@dfedak Is this still a problem?

Comment by Koen Ekelschot, on 2015-05-21 20:11

@dfedak I managed to solve this (for version 0.2.1) by making two minor adjustments to the nginx.conf. I've added ":$server_port" to the Host and X-Host, and now it's working fine for me.

proxy_redirect              off;
proxy_set_header            Host $host:$server_port;
## needed for container auth
#proxy_set_header            REMOTE_USER $remote_user;
#proxy_set_header            X-Forwarded-User $remote_user;
proxy_set_header            X-Url-Scheme $scheme;
proxy_set_header            X-Host $http_host:$server_port;
proxy_set_header            X-Real-IP $remote_addr;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header            Proxy-host $proxy_host;
#proxy_set_header X-Forwarded-Proto https;
proxy_buffering             off;
proxy_connect_timeout       7200;
proxy_send_timeout          7200;
proxy_read_timeout          7200;
proxy_buffers               8 32k;
client_max_body_size        1024m;
client_body_buffer_size     128k;
large_client_header_buffers 8 64k;

Comment by Dan Fedak, on 2015-05-22 09:50

Thanks for this. Will try and see if it sorts it out.

Comment by Thomas De Schampheleire, on 2015-05-25 19:49

@dfedak @kmekelschot When the suggestion is confirmed, I think we should update the documentation (http://kallithea.readthedocs.org/en/latest/setup.html#nginx-virtual-host-example). Patches are very welcome!

Comment by Thomas De Schampheleire, on 2015-06-16 19:50

@dfedak @kmekelschot Any feedback?

Comment by Thomas De Schampheleire, on 2015-07-07 18:02

Bump

Comment by Thomas De Schampheleire, on 2015-07-27 20:01

Documentation to be improved.

Comment by Thomas De Schampheleire, on 2015-07-27 20:20

Comment by chico adelio, on 2015-08-15 02:07

you can add http to https redirect on the server conf

server {
    listen 80;
    server_name yourxxx.com;

    location / {
         return 301 https://$server_name$request_uri;
    }
}

Comment by Mads Kiilerich, on 2015-08-15 02:43

The Kallithea application should however still be informed which protocol / hostname / port / path it should use for URLs it generates and puts in for example HTTP redirects and mails and other strings. Kallithea will by default use whatever the WSGI environment is telling it. If the WSGI server (and the proxy server that might be in front of it) can't be configured correctly, it might be possible to use the workarounds partly described on http://kallithea.readthedocs.org/en/0.2/setup.html#https-support .

Kallithea issues archive