detecting reverse proxy

Gour
10 October 2014, 17:20


Hiawatha version: Hiawatha v9.7, cache, IPv6, Monitor, reverse proxy, SSL (1.3.8), URL toolkit, XSLT
Operating System: Debian Linux 3.10.44 #1 SMP Sat Jun 21 11:57:38 CEST 2014 x86_64 GNU/Linux
Hello,

I use semi-shared hosting (like Webfaction) where Hiawatha is serving PHP sites by listening on a local port behind Nginx running as a reverse proxy.

Now I again have to deal with Tiki CMS, and although some of the code detecting ports has changed, it still does not work properly and we'd like to fix it once and for all.

Here is part of the detecting code:

// Check if behind a Frontend-Proxie/Load-Balancer which rewrites ports
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == "http") {
        $_SERVER['SERVER_PORT'] = 80;
    } else if($_SERVER['HTTP_X_FORWARDED_PROTO'] == "https") {
        $_SERVER['SERVER_PORT'] = 443;
    }
}
// check if the current port is not 80 or 443
if (isset($_SERVER['SERVER_PORT'])) {
    if (($_SERVER['SERVER_PORT'] != 80) && ($_SERVER['SERVER_PORT'] != 443)) {
        if (( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' )) {
            $prefs['https_port'] = (int) $_SERVER['SERVER_PORT'];
        } else {
            $prefs['http_port'] = (int) $_SERVER['SERVER_PORT'];
        }
    }
}

if ( $prefs['https_port'] == 443 )
    $prefs['https_port'] = '';

if ( $prefs['http_port'] == 80 )
    $prefs['http_port'] = '';


And here you can see a snippet from the log file:

127.0.0.1|Fri 10 Oct 2014 15:14:25 +0200|200|88044||GET /lib/jquery_tiki/tiki-jquery.js HTTP/1.0|Host: tiki.sites.djangohosting.ch|X-Real-IP: 193.248.193.185|X-Forwarded-For: 193.248.193.185|X_FORWARDED_PROTO: http|X_FORWARDED_PROTOCOL: http|SCHEME: http|Connection: close|User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0|Accept: */*|Accept-Language: en-US,en;q=0.5|Accept-Encoding: gzip, deflate|Referer: http://tiki.sites.djangohosting.ch/tiki-install.php|Pragma: no-cache|Cache-Control: no-cache


Do you have any idea which header the Tiki code should check to properly detect that it is running behind a reverse proxy?

In the past [www.hiawatha-webserver.org] Hugo replied that Hiawatha does not do any redirecting, and considering that we do not have root access to possibly change the configuration of Nginx (and that's probably not important, considering that a bunch of other apps/CMSes worked fine), the only option is to add proper logic to Tiki to adjust to its working environment.

Any hint?
Hugo Leisink
12 October 2014, 11:10
My guess is that you want the port for redirecting, right? I don't see why you need the port for that. Redirecting can be done by only using the path (Location: /new/path). And switching from HTTP to HTTPS should be done by the first webserver (the SSL-offloading reverse proxy).
Gour
12 October 2014, 15:18
> My guess is that you want the port for redirecting, right? I don't see why you need the port for that.

Well, not having influence on the server's nginx configuration and assuming Hiawatha is working as intended, the only option is to fix (once and for all) Tiki's logic for detecting the setup where it is supposed to be installed and work.

Here is a snippet of some interesting server variables:

_SERVER["REQUEST_URI"] /tiki-check.php?&phpinfo=y
_SERVER["SCRIPT_NAME"] /tiki-check.php
_SERVER["SCRIPT_FILENAME"] /some/path/tiki/tiki-check.php
_SERVER["DOCUMENT_ROOT"] /some/path/tiki
_SERVER["REMOTE_ADDR"] 127.0.0.1
_SERVER["QUERY_STRING"] &phpinfo=y
_SERVER["SERVER_PORT"] 64915
_SERVER["SERVER_NAME"] some.tld.com
_SERVER["SERVER_PROTOCOL"] HTTP/1.0
_SERVER["SERVER_SOFTWARE"] Hiawatha v9.7
_SERVER["SERVER_ADDR"] 127.0.0.1
_SERVER["REDIRECT_STATUS"] 200
_SERVER["HTTP_HOST"] some.tld.com
_SERVER["HTTP_X_REAL_IP"] some.real.ip.address
_SERVER["HTTP_X_FORWARDED_FOR"] some.real.ip.address
_SERVER["HTTP_SCHEME"] http


So, do you have any idea what should be added to the above snippet of Tiki code to properly detect that the Hiawatha server is running on 127.0.0.1 and some local port (in this case: 64915) behind Nginx running as reverse proxy and listening on port 80?
Hugo Leisink
12 October 2014, 20:58
If the reverse proxy isn't sending it, there is no way to know about it. I think it's best to build Tiki in a way that you don't have to rely on that information.
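
The following is an added example, not part of the thread and not Tiki's or Hiawatha's code. It shows one way to derive the public scheme and port in this setup: forwarding headers are believed only when the request arrives from the proxy's address, and the backend's local SERVER_PORT is never treated as the public port. The function name, the trusted-proxy list, the HTTP_SCHEME fallback and a proxy that overwrites these headers itself are assumptions; the sample arrays are constructed from the values in the dump above.

```php
<?php
// Added example (not Tiki or Hiawatha code); all names here are hypothetical.

// Forwarding headers can be forged by any client, so they are honoured only
// when REMOTE_ADDR is one of the proxies we trust to have set them.
function external_endpoint(array $server, array $trustedProxies = ['127.0.0.1', '::1']): array
{
    $viaProxy = in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true);

    // Direct connection: the backend's own view is authoritative.
    $scheme = (($server['HTTPS'] ?? '') === 'on') ? 'https' : 'http';
    $port   = (int) ($server['SERVER_PORT'] ?? 80);

    if ($viaProxy) {
        // Scheme as reported by the proxy; unexpected values are ignored.
        foreach (['HTTP_X_FORWARDED_PROTO', 'HTTP_SCHEME'] as $key) {
            $value = strtolower($server[$key] ?? '');
            if ($value === 'http' || $value === 'https') {
                $scheme = $value;
                break;
            }
        }
        // SERVER_PORT is the backend's local port, not the public one. Use the
        // scheme default unless the Host header names an explicit port.
        $port = ($scheme === 'https') ? 443 : 80;
        if (preg_match('/:(\d{1,5})$/', $server['HTTP_HOST'] ?? '', $m)) {
            $port = (int) $m[1];
        }
    }
    return ['scheme' => $scheme, 'port' => $port, 'via_proxy' => $viaProxy];
}

// Constructed input, using values from the phpinfo dump in the thread.
$behindNginx = [
    'REMOTE_ADDR' => '127.0.0.1', 'SERVER_PORT' => '64915',
    'HTTP_HOST' => 'some.tld.com', 'HTTP_SCHEME' => 'http',
];
// Constructed input: a request that did not come through the trusted proxy
// but carries a forwarding header anyway.
$direct = [
    'REMOTE_ADDR' => '203.0.113.7', 'SERVER_PORT' => '64915',
    'HTTP_HOST' => 'some.tld.com', 'HTTP_X_FORWARDED_PROTO' => 'https',
];

var_dump(external_endpoint($behindNginx));
var_dump(external_endpoint($direct));
```

The Host header is still client-supplied, so an application should check it against its known site names before building absolute URLs from it.
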
Gour
12 October 2014, 22:20
> If the reverse proxy isn't sending it, there is no way to know about it. I think it's best to build Tiki in a way that you don't have to rely on that information.

Yes, I agree with it and am working on providing proper detecting logic.
Hugo Leisink
12 October 2014, 22:23
I don't think that your 'detecting strategy' is the right one. How about avoiding that you have to detect that kind of information. I also write a PHP framework [www.banshee-php.org], but I have never needed that kind of information to make my framework work. Not even when behind a reverse proxy. I really think that should be your approach.
Gour
12 October 2014, 23:00
> How about avoiding that you have to detect that kind of information.

That's even better.

However, considering that I'm not familiar with the codebase and just starting with PHP (when many people are turning away), I'll be satisfied by fixing it first... admitting the code dealing with this issue should be refactored and simplified, but, first things first.
This topic has been closed.