SilverStripe 4 behind HAProxy - absolute URL has wrong protocol
Today I installed my latest project on the provided server and had some "mixed content" issues due to SilverStripe generating a "http" basetag on a https site. The reason was, it didn't see that it should server absolute https urls, cause it's installed behind a HAProxy instance. This is pretty annoying but with a little help of my friends on slack it was easy to solve.
I put a simple php script on the server, that did a var_dump($_SERVER); to see how SilverStripe sees the current request. This showed that the REQUEST_SCHEME is set to "http". Even if I call the site with a https url. Weird. Scrolling down I found that HTTP_X_FORWARDED_PROTO is set to "https". Well, that's something.
Tim (dorsetdigital) suggested to alter the projects .htaccess file and set an environment variable (well, that could also be set in the global environment):
SetEnvIf X-Forwarded-Proto "https" HTTPS=on
Which solved this problem for me. Tim also says:
Obviously, this is just you telling the webserver that the connection is https... it may not be. If the proxy is on the same machine and communicates with the webserver via a local socket, then it's arguably less of an issue... if the proxy is remote, then you will still have an unencrypted leg in the route.
Post your comment
Comments
Dan 11/10/2019 3:30pm (5 years ago)
You have to set the `SS_TRUSTED_PROXY_IPS` environment variable when your site is behind a proxy so that the x-forwarded-* headers are trusted.
No one has commented on this page yet.
RSS feed for comments on this page | RSS feed for all comments