Forum OpenACS Development: Untrusted host header
Indeed, 127.0.0.1 and 8443 are present /etc/config.tcl file and I have no intention to assign external IP neither 443, because NGINX is there.
set httpsport 8443
# The hostname and address should be set to actual values.
# setting the address to 0.0.0.0 means aolserver listens on all interfaces
set hostname evex.co
set address_v4 127.0.0.1
Another parameter amended is proxy_mode. I expected it'd do the whole magic.
# Are we running behind a proxy?
#set proxy_mode false
set proxy_mode true
Is there anything else to amend in order to make OACS core capable to assign header values properly?
Futhermore, I've noticed before the warning, there are some validations referencing host_node_map.
[07/Jul/2018:13:12:38][2783.7fe0b0a3d700][-conn:evex:0:1032-] Notice: checking entry 127.0.0.1 from host_node_map ->
Is it possible to somehow create a pair with 127.0.0.1 ?
I tried so, but / is not available in the list of application to pair
I was expecting to resolve it by simply forwarding 127.0... to / (i.e. mainsite.)
[07/Jul/2018:13:12:38][2783.7fe0b0a3d700][-conn:evex:0:1032-] Warning: ignore untrusted host header field: '127.0.0.1:8443'
How would I fix the headers in order they have the correct host ?
For *util_current_location* to find the correct URL and not fall back, make sure to set the "Host" header in NGINX like
proxy_set_header Host $host:443;
On OpenACS sites, in most cases, there is only one server configured. When the host header field contains a value, which is unknown, it falls back to the default server - which is for OpenACS the right thing. The accepted values are defined per driver in the */servers" section, where a domain name or IP address is mapped to the logical server (see e.g. ). In case, an OpenACS instance should be called under different names, these should be added to this section in the configuration file. Note that versions of NaviServer (4.99.16 or newer, see ) require less entries there.
When running behind a proxy, it is probably better to add the expected entry to the */servers section, since the host header sent to nginx could as well contain already a port, so the concatenation might be as well a problem.
All the best