Issue #56: [doc] Application not 'remembering' custom port
Reported by: | Dan Fedak |
State: | new |
Created on: | 2014-11-26 00:20 |
Updated on: | 2015-08-15 02:43 |
Description
When configuring on non-standard port (e.g. 8443) through proxy front-end such as NGINX, the application seems to sometimes 'forget' the port, especially on form submits.
Attachments
Comments
Comment by Mads Kiilerich, on 2014-11-26 00:28
It do remember the port if you configure the wsgi environment correctly - especially that the front-end forwards the connection info correctly to the back-end web server.
This report do not give much indication of what the setup is and whether it follows the advices in the documentation.
/me do totally not understand why people insist on running a two-tier setup when it is so much more complicated than apache+mod_wsgi.
Comment by Dan Fedak, on 2014-11-26 00:50
Proxy settings are this (from wiki):
proxy_redirect off; proxy_set_header Host $host; ## needed for container auth #proxy_set_header REMOTE_USER $remote_user; #proxy_set_header X-Forwarded-User $remote_user; proxy_set_header X-Url-Scheme $scheme; proxy_set_header X-Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy-host $proxy_host; #proxy_set_header X-Forwarded-Proto https; proxy_buffering off; proxy_connect_timeout 7200; proxy_send_timeout 7200; proxy_read_timeout 7200; proxy_buffers 8 32k; client_max_body_size 1024m; client_body_buffer_size 128k; large_client_header_buffers 8 64k;
Comment by Dan Fedak, on 2014-11-26 00:54
Main NGINX.conf file is this (again from wiki):
upstream rc { server 127.0.0.1:5000; # add more instances for load balancing #server 127.0.0.1:5001; #server 127.0.0.1:5002; } server { listen 8443; server_name hghub.server.com; access_log /usr/local/var/log/nginx/hghub.access.log; error_log /usr/local/var/log/nginx/hghub.error.log; ssl on; ssl_certificate /usr/local/etc/openssl/certs/server_wildcard.crt; ssl_certificate_key /usr/local/etc/openssl/private/server_wildcard.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; ssl_prefer_server_ciphers on; ## uncomment root directive if you want to serve static files by nginx ## requires static_files = false in .ini file #root /path/to/installation/kallithea/public; include /usr/local/etc/nginx/proxy.conf; location / { try_files $uri @rhode; } location @rhode { proxy_pass http://rc; } }
Comment by Mads Kiilerich, on 2014-11-26 00:56
Kallithea version?
Backend setup?
Comment by Thomas De Schampheleire, on 2015-05-06 19:58
@dfedak Is this still a problem?
Comment by Koen Ekelschot, on 2015-05-21 20:11
@dfedak I managed to solve this (for version 0.2.1) by making two minor adjustments to the nginx.conf. I've added ":$server_port" to the Host and X-Host, and now it's working fine for me.
proxy_redirect off; proxy_set_header Host $host:$server_port; ## needed for container auth #proxy_set_header REMOTE_USER $remote_user; #proxy_set_header X-Forwarded-User $remote_user; proxy_set_header X-Url-Scheme $scheme; proxy_set_header X-Host $http_host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy-host $proxy_host; #proxy_set_header X-Forwarded-Proto https; proxy_buffering off; proxy_connect_timeout 7200; proxy_send_timeout 7200; proxy_read_timeout 7200; proxy_buffers 8 32k; client_max_body_size 1024m; client_body_buffer_size 128k; large_client_header_buffers 8 64k;
Comment by Dan Fedak, on 2015-05-22 09:50
Thanks for this. Will try and see if it sorts it out.
Comment by Thomas De Schampheleire, on 2015-05-25 19:49
@dfedak @kmekelschot When the suggestion is confirmed, I think we should update the documentation (http://kallithea.readthedocs.org/en/latest/setup.html#nginx-virtual-host-example). Patches are very welcome!
Comment by Thomas De Schampheleire, on 2015-06-16 19:50
@dfedak @kmekelschot Any feedback?
Comment by Thomas De Schampheleire, on 2015-07-07 18:02
Bump
Comment by Thomas De Schampheleire, on 2015-07-27 20:01
Documentation to be improved.
Comment by Thomas De Schampheleire, on 2015-07-27 20:20
Comment by chico adelio, on 2015-08-15 02:07
you can add http to https redirect on the server conf
server { listen 80; server_name yourxxx.com; location / { return 301 https://$server_name$request_uri; } }
Comment by Mads Kiilerich, on 2015-08-15 02:43
The Kallithea application should however still be informed which protocol / hostname / port / path it should use for URLs it generates and puts in for example HTTP redirects and mails and other strings. Kallithea will by default use whatever the WSGI environment is telling it. If the WSGI server (and the proxy server that might be in front of it) can't be configured correctly, it might be possible to use the workarounds partly described on http://kallithea.readthedocs.org/en/0.2/setup.html#https-support .