Forum OpenACS Development: Re: ns_set returns "" when proxy_mode is true

Collapse
Posted by Gustaf Neumann on
Dear Iuri,

You have probably found an issue, that was fixed about a year ago [1], where OpenACS reacted unfriendly in case of incorrect configurations. The more robust, actual code is in [2].

If you want to use nginx as secure proxy, you have to add a line like the following to you nginx config file.

proxy_set_header        X-SSL-Request 1;

.. and yes, we are using nginx as secure proxy on some sites, and "ad_conn behind_secure_proxy_p" returns 1. This has nothing to do with Debian or NaviServer.

[1] https://github.com/openacs/openacs-core/commit/05c58b86a65e39091565891128ddc76622928014
[2] https://github.com/openacs/openacs-core/blob/master/packages/acs-tcl/tcl/request-processor-procs.tcl#L1603

Collapse
Posted by Iuri Sampaio on
Hi Gustaf,

Even with NGINX parameter assigned (i.e. proxy_set_header), and proxy_mode assigned to "true" (i.e. within ns-config.tcl), most of the links weren't affected.

proxy_set_header X-SSL-Request 1;

# Are we running behind a proxy?
set proxy_mode false

In fact, the system behaves better when proxy_mode is false and NGINX is present. It's weird and unexpected.

Furthermore, I enabled the parameter SuppressHttpPort (i.e. acs-tcl parameter), and I noticed fewer port redirections, and that was a good sign.

Actually, there's only one now, at /admin/ section (i.e. Subsite Administration: Main Site).

It's the last link in the page:

"ACS Site-Wide Administration (Site-wide administration)", which links to /acs-admin/

When I click on that one, the address changes from
https://iurix.com/acs-admin/ to https://iurix.com:8443/acs-admin/

I solved it, by restarting NaviServer listening on IP 0.0.0.0. But that isn't the best solution.
Before it was only localhost 127.0.0.1, as per your scripts, and that better!

The problem isn't quite solved yet, but at least now, It's easier to track down the bug within OACS core!

Let you know when I find anything.