Running Plack application behind an HTTPS reverse proxy

[Gurunandan Bhat]

Hi, 

I am attempting to run a CGI application wrapping it by Plack::App::WrapCGI. The application runs fine and as expected. 

However when hosted behind a secure Apache reverse proxy some of the calls continue to try to connect to http rather than https. 

I remember reading somewhere that this can be fixed by passing the correct X-* header but could not locate it when I need it most.

Would really appreciate if someone here could tell me how to ensure that the wrapped application always connects to the secure post

Thanks!

[Ævar Arnfjörð Bjarmason]

On Mon, Oct 22, 2012 at 9:51 PM, Gurunandan Bhat
<bhat.gu...@gmail.com> wrote:
> I am attempting to run a CGI application wrapping it by Plack::App::WrapCGI.
> The application runs fine and as expected.
> However when hosted behind a secure Apache reverse proxy some of the calls
> continue to try to connect to http rather than https.
> I remember reading somewhere that this can be fixed by passing the correct
> X-* header but could not locate it when I need it most.

They continue to connect to what? When you're running behind a proxy
it should be mostly transparent to the application, what is it trying
to connect to exactly? Can you be more specific and provide error
messages, logs etc.

[Robert Stockdale]

Are you using the ReverseProxy middleware?

--

[Gurunandan Bhat]

Apologies - I dont have access to the logs right now - but here is what happens:

1. I am trying to run Bugzilla under PSGI/Plack using the startup script here: https://gist.github.com/3933301
2. All parts of the application run as expected when I access the application at http://<hostname>:5000/
3. I now configure mod_proxy and mod_ssl (Apache 2.4) as a reverse proxy and access the application at https://<secure-hostname>/
4. Most URLs work as expected except a few (possibly internal redirects - but I am not sure) that try to look for http://<secure-hostname>/<path_info> and since no application is running on 80, I get a "page not found"

What must I do to ensure that all links in the the application point to the secure port?

Thank you,

[Michiel Beijen]

Hi,

On Wed, Oct 24, 2012 at 6:38 AM, Gurunandan Bhat
<bhat.gu...@gmail.com> wrote:

> Most URLs work as expected except a few (possibly internal redirects - but I
> am not sure) that try to look for http://<secure-hostname>/<path_info> and
> since no application is running on 80, I get a "page not found"
>
> What must I do to ensure that all links in the the application point to the
> secure port?

Because you already suspect it are internal redirects, and because you
did not mention this explicitly, did you set bugzilla's sslbase and
urlbase parameters correctly?

http://www.bugzilla.org/docs/tip/en/html/parameters.html
--
Michiel

[Gurunandan R. Bhat]

I did set urlbase to the secure link https://<secure-hostname>/.
I tried setting sslbase to the secure host (https://....) but that does
not make any difference. So I unset it
If I understand it correctly, Bugzilla uses the url base only to
generate links embedded inside emails.

I have used native Dancer framework based applications extensively
behind secure proxies and in that case too I had the same problem. I
solved the problem there (in native Dancer applications) by setting
behind_proxy to "true" and setting $ENV{'X-FORWARDED-PROTOCOL'} to
"https" and everything works fine. Can something analogous be done for
legacy applications wrapped inside Plack/PSGI?

Thank you once again for your interest.