Message of the day:
A virtual pony is still a pony
All things virtual
Hmm, seems to work okay on my Vagrant environment (using nginx as proxy).
These are the headers I am settings in Nginx.
- - 'Host $host'
- - 'Proxy ""'
- - 'X-Real-IP $remote_addr'
- - 'X-Forwarded-For $proxy_add_x_forwarded_for'
- - 'X-Forwarded-Host $host'
- - 'X-Forwarded-Proto $scheme'
- - 'X-Forwarded-Protocol $scheme'
- - 'X-Real-Port $server_port'
- - 'X-Forwarded-Port $server_port'
I am also using the following config changes in Nginx that may be related
- real_ip_header: 'X-Forwarded-For'
- nginx::config::proxy_connect_timeout: '120'
- nginx::config::proxy_send_timeout: '120'
- nginx::config::proxy_read_timeout: '240'
- nginx::config::proxy_buffer_size: '256k'
- nginx::config::proxy_buffers: '4 256k'
I’ll find it
Hmm, it seems somehow connected to ErrorHandler which redirects to Security/login which when not forced to SSL actually goes to http only
it seems like the Security mechanism somehow kicks in before that and the check is_https in director always returns false
Yep, that all works for front-end of the site. But when I go to the admin, it’s ignored.
Are you overloading / replacing the
TrustedProxyMiddleware in your site code?
If your site is using
SS_TRUSTED_PROXY_IPS (e.g. set it to )*
Then it should set the scheme based on those header values. https://github.com/silverstripe/silverstripe-framework/blob/909723f8e709a5d1720d84739a80e6a9cfa14b17/src/Control/Middleware/TrustedProxyMiddleware.php#L155
as the request seems to be Null
for some reason the
is_https in Director fails for CMS admin to detect
Unfortunately I have not had a whole lot of SS4 experience myself, so am a bit unsure on that one as well. But you shouldn't have to set
base_url or anything like that for SS4 to work with a proxy.
hmm, without alternate_base_tag forcing https the admin controller doesn’t understand the proxy headers for some reason