Bug 851270
| Summary: | $_SERVER['SERVER_PORT'] returns 80 indirectly causing ssl_error_rx_record_too_long errors | | |
|---|---|---|---|
| Product: | OKD | Reporter: | clive darra <cdrh> |
| Component: | Containers | Assignee: | Rob Millner <rmillner> |
| Status: | CLOSED CANTFIX | QA Contact: | libra bugs <libra-bugs> |
| Severity: | medium | Priority: | medium |
| Version: | 2.x | CC: | admiller, mfisher, mmcgrath |
| Keywords: | FutureFeature | Doc Type: | Enhancement |
| Hardware: | Unspecified | OS: | Unspecified |
| Last Closed: | 2012-09-13 23:47:21 UTC | Type: | Bug |
Description
clive darra
2012-08-23 15:57:43 UTC
wikka.config.php now fixed

WORKS

https://lamp1-fsse8info.rhcloud.com/wikka.php?wakka=PageIndex

https://lamp1-fsse8info.rhcloud.com:443/wikka.php?wakka=PageIndex

RETURNS ssl_error_rx_record_too_long ERROR

https://lamp1-fsse8info.rhcloud.com:80/y.y

https://lamp1-fsse8info.rhcloud.com:80/wikka.php?wakka=PageIndex

somewhere something is appending :80 to the hostname

https://lamp1-fsse8info.rhcloud.com/pi.php says

SERVER_PORT 80

OPENSHIFT_INTERNAL_PORT 8080

shouldn't that be SERVER_PORT 443

Verified. Interesting thing to note though, the application setup and functionality appears to work just fine until you navigate directly to that URL. I was able to set up and configure a few users and navigate the site/application, create pages, etc. but as soon as I went to :80/wikka.php?wakka=HomePage it all went bad, I get the same ssl error and when I try to go anywhere else on the site I now either get the ssl error or the CSS doesn't load and it's just a very garbled web page.

I believe this to be related to the Rewrite Rules in the WikkaWiki .htaccess file because as soon as I delete the .htaccess from my git repo, commit, and push then the URL takes me back to the WikkaWiki install/setup page. I assume this to be a combination of assumptions from WikkaWiki and the way OpenShift sets up the php environment/cartridge.

SSL terminates at the front-end Apache and the request is proxied to the back-end Apache+PHP as http on port 8080. As a hint to the application (WSGI requires this, it's set as a courtesy on other frameworks), the Apache environment variable "HTTPS" is set. We may need to force SERVER_PORT as well.

I'm not able to force SERVER_PORT in the configuration. Tried setting UseCanonicalPhysicalPort, UseCanonicalName, ServerName and X_Forwarded_Port to have it inferred properly. Tried using SetEnv and SetEnvIf to force it.
These appear to be related:

https://bugs.php.net/bug.php?id=40579

http://forum.modrewrite.com/viewtopic.php?f=10&t=39684

Will keep doing more research; but you may just have to modify the wiki code. In wikka.php and setup/test/test-mod-rewrite.php, comment out the portion where SERVER_PORT is used.

Ex: change line 131 in wikka.php to read:

```php
// $t_port = ':'.$_SERVER['SERVER_PORT'];
$t_port = '';
```

I'll try to find a solution that sets SERVER_PORT properly.

Many thanks for all your research. The problem is that openshift seems to run both http and https over port 80 (or maybe port 8080?). Anyhow, $_SERVER['SERVER_PORT'] is returning 80 regardless.

wikkawiki assumes that http runs over port 80 and https runs over port 443, so if after the wikka.php url checker line

```php
if ((('http://' == $t_scheme) && (':80' == $t_port)) || (('https://' == $t_scheme) && (':443' == $t_port)))
```

I add, as you suggest,

```php
$t_port = '';
```

it should work fine. And there's a second ref to $_SERVER['SERVER_PORT'] that you need to modify too, on line 176:

```php
$server_port = ':'.$_SERVER['SERVER_PORT'];
if ((('http://' == $scheme) && (':80' == $server_port)) || (('https://' == $scheme) && (':443' == $server_port)))
{
    $server_port = '';
}
$server_port = '';
```

Instead of server port, the X-Forwarded-Proto header should be used to determine if http or https is being used.

I'm not able to find a way to override SERVER_PORT. Terminating SSL on the front-end and using http to communicate to the back-end is fundamental to our current architecture. Unfortunately, any applications that use SERVER_PORT to determine whether they are on SSL need to be modified to check for SSL or X-Forwarded-Proto.
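
The closing advice in this thread (check the "HTTPS" hint or X-Forwarded-Proto instead of SERVER_PORT) shown as an added PHP example; it is not part of the original bug report and is not WikkaWiki or OpenShift code. The function names, the `$trustedProxies` allow-list, the host `app.example.test` and the sample `$_SERVER` arrays are assumptions constructed for illustration; the header is honored only when the peer is a known front-end, because any client can send X-Forwarded-Proto itself.

```php
<?php
// Added illustration: names and the proxy allow-list are assumptions, not WikkaWiki code.

function via_trusted_proxy(array $server, array $trustedProxies): bool
{
    // Forwarding headers are only believable when the TCP peer is our own front-end.
    return in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true);
}

function request_scheme(array $server, array $trustedProxies): string
{
    // Hint set by the hosting layer (the "HTTPS" environment variable).
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return 'https://';
    }
    if (via_trusted_proxy($server, $trustedProxies)) {
        // Accept only the two expected values; anything else falls through to http.
        $proto = strtolower(trim((string)($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
        if ($proto === 'https' || $proto === 'http') {
            return $proto . '://';
        }
    }
    return 'http://';
}

function port_suffix(array $server, array $trustedProxies, string $scheme): string
{
    // Behind the proxy, SERVER_PORT is the back-end listener, not the browser's port.
    if (via_trusted_proxy($server, $trustedProxies)) {
        return '';
    }
    $port = (string)($server['SERVER_PORT'] ?? '');
    $default = ($scheme === 'https://') ? '443' : '80';
    return ($port === '' || $port === $default) ? '' : ':' . $port;
}

// Constructed $_SERVER samples; 127.0.0.1 stands in for the front-end's address.
$proxies = ['127.0.0.1'];
$samples = [
    'TLS ended at front-end' => ['HTTPS' => 'on', 'SERVER_PORT' => '80', 'REMOTE_ADDR' => '127.0.0.1'],
    'header from untrusted peer' => ['HTTP_X_FORWARDED_PROTO' => 'https', 'SERVER_PORT' => '80', 'REMOTE_ADDR' => '203.0.113.9'],
    'direct request on 8080' => ['SERVER_PORT' => '8080', 'REMOTE_ADDR' => '203.0.113.9'],
];
foreach ($samples as $label => $server) {
    $scheme = request_scheme($server, $proxies);
    echo $label, ': ', $scheme, 'app.example.test', port_suffix($server, $proxies, $scheme), "\n";
}
```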