I am attempting to run a CGI application wrapping it by Plack::App::WrapCGI. The application runs fine and as expected. However when hosted behind a secure Apache reverse proxy some of the calls continue to try to connect to http rather than https. I remember reading somewhere that this can be fixed by passing the correct X-* header but could not locate it when I need it most.
Would really appreciate if someone here could tell me how to ensure that the wrapped application always connects to the secure post
<bhat.gurunan...@gmail.com> wrote:
> I am attempting to run a CGI application wrapping it by Plack::App::WrapCGI.
> The application runs fine and as expected.
> However when hosted behind a secure Apache reverse proxy some of the calls
> continue to try to connect to http rather than https.
> I remember reading somewhere that this can be fixed by passing the correct
> X-* header but could not locate it when I need it most.
They continue to connect to what? When you're running behind a proxy
it should be mostly transparent to the application, what is it trying
to connect to exactly? Can you be more specific and provide error
messages, logs etc.
> On Mon, Oct 22, 2012 at 9:51 PM, Gurunandan Bhat
> <bhat.gurunan...@gmail.com> wrote:
> > I am attempting to run a CGI application wrapping it by
> Plack::App::WrapCGI.
> > The application runs fine and as expected.
> > However when hosted behind a secure Apache reverse proxy some of the
> calls
> > continue to try to connect to http rather than https.
> > I remember reading somewhere that this can be fixed by passing the
> correct
> > X-* header but could not locate it when I need it most.
> They continue to connect to what? When you're running behind a proxy
> it should be mostly transparent to the application, what is it trying
> to connect to exactly? Can you be more specific and provide error
> messages, logs etc.
> On Mon, Oct 22, 2012 at 9:51 PM, Gurunandan Bhat
> <bhat.gurunan...@gmail.com> wrote:
> > I am attempting to run a CGI application wrapping it by
> Plack::App::WrapCGI.
> > The application runs fine and as expected.
> > However when hosted behind a secure Apache reverse proxy some of the
> calls
> > continue to try to connect to http rather than https.
> > I remember reading somewhere that this can be fixed by passing the
> correct
> > X-* header but could not locate it when I need it most.
> They continue to connect to what? When you're running behind a proxy
> it should be mostly transparent to the application, what is it trying
> to connect to exactly? Can you be more specific and provide error
> messages, logs etc.
Apologies - I dont have access to the logs right now - but here is what
happens:
1. I am trying to run Bugzilla under PSGI/Plack using the startup script
here: https://gist.github.com/3933301 2. All parts of the application run as expected when I access the
application at http://<hostname>:5000/
3. I now configure mod_proxy and mod_ssl (Apache 2.4) as a reverse proxy
and access the application at https://<secure-hostname>/
4. Most URLs work as expected except a few (possibly internal redirects
- but I am not sure) that try to look for
http://<secure-hostname>/<path_info>
and since no application is running on 80, I get a "page not found"
What must I do to ensure that all links in the the application point to the
secure port?
<bhat.gurunan...@gmail.com> wrote:
> Most URLs work as expected except a few (possibly internal redirects - but I
> am not sure) that try to look for http://<secure-hostname>/<path_info> and
> since no application is running on 80, I get a "page not found"
> What must I do to ensure that all links in the the application point to the
> secure port?
Because you already suspect it are internal redirects, and because you
did not mention this explicitly, did you set bugzilla's sslbase and
urlbase parameters correctly?
> On Wed, Oct 24, 2012 at 6:38 AM, Gurunandan Bhat
> <bhat.gurunan...@gmail.com> wrote:
>> Most URLs work as expected except a few (possibly internal redirects - but I
>> am not sure) that try to look for http://<secure-hostname>/<path_info> and
>> since no application is running on 80, I get a "page not found"
>> What must I do to ensure that all links in the the application point to the
>> secure port?
> Because you already suspect it are internal redirects, and because you
> did not mention this explicitly, did you set bugzilla's sslbase and
> urlbase parameters correctly?
I did set urlbase to the secure link https://<secure-hostname>/.
I tried setting sslbase to the secure host (https://....) but that does not make any difference. So I unset it
If I understand it correctly, Bugzilla uses the url base only to generate links embedded inside emails.
I have used native Dancer framework based applications extensively behind secure proxies and in that case too I had the same problem. I solved the problem there (in native Dancer applications) by setting behind_proxy to "true" and setting $ENV{'X-FORWARDED-PROTOCOL'} to "https" and everything works fine. Can something analogous be done for legacy applications wrapped inside Plack/PSGI?
