brett.tasker

Hmm, seems to work okay on my Vagrant environment (using nginx as proxy).

These are the headers I am settings in Nginx.

  1. - 'Host $host'
  2. - 'Proxy ""'
  3. - 'X-Real-IP $remote_addr'
  4. - 'X-Forwarded-For $proxy_add_x_forwarded_for'
  5. - 'X-Forwarded-Host $host'
  6. - 'X-Forwarded-Proto $scheme'
  7. - 'X-Forwarded-Protocol $scheme'
  8. - 'X-Real-Port $server_port'
  9. - 'X-Forwarded-Port $server_port'

I am also using the following config changes in Nginx that may be related

  1. real_ip_header: 'X-Forwarded-For'
  2.  
  3. nginx::config::proxy_connect_timeout: '120'
  4. nginx::config::proxy_send_timeout: '120'
  5. nginx::config::proxy_read_timeout: '240'
  6. nginx::config::proxy_buffer_size: '256k'
  7. nginx::config::proxy_buffers: '4 256k'
MichalKleiner

Hmm, it seems somehow connected to ErrorHandler which redirects to Security/login which when not forced to SSL actually goes to http only

MichalKleiner

it seems like the Security mechanism somehow kicks in before that and the check is_https in director always returns false

MichalKleiner

Yep, that all works for front-end of the site. But when I go to the admin, it’s ignored.

MichalKleiner

for some reason the is_https in Director fails for CMS admin to detect

brett.tasker

Unfortunately I have not had a whole lot of SS4 experience myself, so am a bit unsure on that one as well. But you shouldn't have to set alternate_base_tag or base_url or anything like that for SS4 to work with a proxy.

MichalKleiner

hmm, without alternate_base_tag forcing https the admin controller doesn’t understand the proxy headers for some reason