[doc] Application not 'remembering' custom port

Issue #56 new
Dan Fedak created an issue

When configuring on non-standard port (e.g. 8443) through proxy front-end such as NGINX, the application seems to sometimes 'forget' the port, especially on form submits.

Comments (14)

  1. Mads Kiilerich

    It do remember the port if you configure the wsgi environment correctly - especially that the front-end forwards the connection info correctly to the back-end web server.

    This report do not give much indication of what the setup is and whether it follows the advices in the documentation.

    /me do totally not understand why people insist on running a two-tier setup when it is so much more complicated than apache+mod_wsgi.

  2. Dan Fedak reporter

    Proxy settings are this (from wiki):

    proxy_redirect              off;
    proxy_set_header            Host $host;
    ## needed for container auth
    #proxy_set_header            REMOTE_USER $remote_user;
    #proxy_set_header            X-Forwarded-User $remote_user;
    proxy_set_header            X-Url-Scheme $scheme;
    proxy_set_header            X-Host $http_host;
    proxy_set_header            X-Real-IP $remote_addr;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            Proxy-host $proxy_host;
    #proxy_set_header X-Forwarded-Proto https;
    proxy_buffering             off;
    proxy_connect_timeout       7200;
    proxy_send_timeout          7200;
    proxy_read_timeout          7200;
    proxy_buffers               8 32k;
    client_max_body_size        1024m;
    client_body_buffer_size     128k;
    large_client_header_buffers 8 64k;
    
  3. Dan Fedak reporter

    Main NGINX.conf file is this (again from wiki):

    upstream rc {
        server 127.0.0.1:5000;
        # add more instances for load balancing
        #server 127.0.0.1:5001;
        #server 127.0.0.1:5002;
    }
    
    server {
       listen          8443;
       server_name     hghub.server.com;
       access_log      /usr/local/var/log/nginx/hghub.access.log;
       error_log       /usr/local/var/log/nginx/hghub.error.log;
    
       ssl on;
       ssl_certificate     /usr/local/etc/openssl/certs/server_wildcard.crt;
       ssl_certificate_key /usr/local/etc/openssl/private/server_wildcard.key;
    
       ssl_session_timeout 5m;
    
       ssl_protocols SSLv3 TLSv1;
       ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
       ssl_prefer_server_ciphers on;
    
       ## uncomment root directive if you want to serve static files by nginx
       ## requires static_files = false in .ini file
       #root /path/to/installation/kallithea/public;
       include         /usr/local/etc/nginx/proxy.conf;
       location / {
            try_files $uri @rhode;
       }
    
       location @rhode {
            proxy_pass      http://rc;
       }
    
    }
    
  4. Koen Ekelschot

    @dfedak I managed to solve this (for version 0.2.1) by making two minor adjustments to the nginx.conf. I've added ":$server_port" to the Host and X-Host, and now it's working fine for me.

    proxy_redirect              off;
    proxy_set_header            Host $host:$server_port;
    ## needed for container auth
    #proxy_set_header            REMOTE_USER $remote_user;
    #proxy_set_header            X-Forwarded-User $remote_user;
    proxy_set_header            X-Url-Scheme $scheme;
    proxy_set_header            X-Host $http_host:$server_port;
    proxy_set_header            X-Real-IP $remote_addr;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            Proxy-host $proxy_host;
    #proxy_set_header X-Forwarded-Proto https;
    proxy_buffering             off;
    proxy_connect_timeout       7200;
    proxy_send_timeout          7200;
    proxy_read_timeout          7200;
    proxy_buffers               8 32k;
    client_max_body_size        1024m;
    client_body_buffer_size     128k;
    large_client_header_buffers 8 64k;
    
  5. chico adelio

    you can add http to https redirect on the server conf

    server {
        listen 80;
        server_name yourxxx.com;
    
        location / {
             return 301 https://$server_name$request_uri;
        }
    }
    
  6. Mads Kiilerich

    The Kallithea application should however still be informed which protocol / hostname / port / path it should use for URLs it generates and puts in for example HTTP redirects and mails and other strings. Kallithea will by default use whatever the WSGI environment is telling it. If the WSGI server (and the proxy server that might be in front of it) can't be configured correctly, it might be possible to use the workarounds partly described on http://kallithea.readthedocs.org/en/0.2/setup.html#https-support .

  7. Log in to comment