Mailing List Archive: Catalyst: Users

X-Forwarded-Port works no more?

Index | Next | Previous | View Threaded

tarkhil at over

Jul 23, 2012, 12:48 AM

Post #1 of 5 (399 views)
Permalink

X-Forwarded-Port works no more?

Hello,

I'm setting up MojoMojo, https-protected.

However, it keeps making http: urls.

Setting X-Forwarded-Port did not help a bit, and trying to grep
X-Forwarded-Port to 443 did not help as well.

I've set fastcgi_param HTTPS 1, and it helps, but why X-Forwarded-Port
is mentioned but does not work?

Alex

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/

bobtfish at bobtfish

Jul 23, 2012, 10:52 AM

Post #2 of 5 (386 views)
Permalink

Re: X-Forwarded-Port works no more? [In reply to]

On 23 Jul 2012, at 08:48, Alex Povolotsky wrote:

> Hello,
>
> I'm setting up MojoMojo, https-protected.
>
> However, it keeps making http: urls.
>
> Setting X-Forwarded-Port did not help a bit, and trying to grep X-Forwarded-Port to 443 did not help as well.
>
> I've set fastcgi_param HTTPS 1, and it helps, but why X-Forwarded-Port is mentioned but does not work?

Your post implies that your running the app as an FCGI, however you're caring about X-Forwarded headers, which are only relevant if you're running the app behind a proxy.

Which (or both) of these are you specifying?

Can you show us your web server config, and app config?

Cheers
t0m

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/

tarkhil at over

Jul 23, 2012, 11:22 PM

Post #3 of 5 (386 views)
Permalink

Re: X-Forwarded-Port works no more? [In reply to]

On 07/23/12 21:52, Tomas Doran wrote:
> On 23 Jul 2012, at 08:48, Alex Povolotsky wrote:
>
>> Hello,
>>
>> I'm setting up MojoMojo, https-protected.
>>
>> However, it keeps making http: urls.
>>
>> Setting X-Forwarded-Port did not help a bit, and trying to grep X-Forwarded-Port to 443 did not help as well.
>>
>> I've set fastcgi_param HTTPS 1, and it helps, but why X-Forwarded-Port is mentioned but does not work?
>
> Your post implies that your running the app as an FCGI, however you're caring about X-Forwarded headers, which are only relevant if you're running the app behind a proxy.
>
> Which (or both) of these are you specifying?
>
> Can you show us your web server config, and app config?
>

Yes, FCGI

=== nginx.conf ===
server {
listen 443;
server_name wiki.example.com;

ssl on;
ssl_certificate dev.crt;
ssl_certificate_key dev.key;

ssl_session_timeout 5m;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location /static {
root /usr/local/share/mojomojo/root;
}
location / {
proxy_set_header X-Forwarded-Port 443;
include fastcgi_params;
client_max_body_size 128m;
proxy_read_timeout 600;
proxy_connect_timeout 600;
fastcgi_param HTTPS 1; # Only this line helps
fastcgi_pass unix:/tmp/.mojomojo.socket;

}
#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}

=== mojomojo.conf ===
name MojoMojo
using_frontend_proxy 1
# other settings are 100% irrelevant to FCGI

=== run script ===
#!/bin/sh
exec setuidgid www envdir ./env /usr/local/bin/mojomojo_fastcgi.pl -l
/tmp/.mojomojo.socket -n 4 -e --proc_title MojoMojo

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/

i at h2l

Jul 24, 2012, 8:02 PM

Post #4 of 5 (380 views)
Permalink

Re: X-Forwarded-Port works no more? [In reply to]

I'm afraid only Catalyst::Engine::CGI cares about X-Forwarded-Port as
described in the doc.
You can try to write your own uri_for() to use X-Forwarded-Port.

On Tue, Jul 24, 2012 at 3:22 PM, Alex Povolotsky <tarkhil [at] over> wrote:
> On 07/23/12 21:52, Tomas Doran wrote:
>>
>> On 23 Jul 2012, at 08:48, Alex Povolotsky wrote:
>>
>>> Hello,
>>>
>>> I'm setting up MojoMojo, https-protected.
>>>
>>> However, it keeps making http: urls.
>>>
>>> Setting X-Forwarded-Port did not help a bit, and trying to grep
>>> X-Forwarded-Port to 443 did not help as well.
>>>
>>> I've set fastcgi_param HTTPS 1, and it helps, but why X-Forwarded-Port is
>>> mentioned but does not work?
>>
>>
>> Your post implies that your running the app as an FCGI, however you're
>> caring about X-Forwarded headers, which are only relevant if you're running
>> the app behind a proxy.
>>
>> Which (or both) of these are you specifying?
>>
>> Can you show us your web server config, and app config?
>>
>
> Yes, FCGI
>
> === nginx.conf ===
> server {
> listen 443;
> server_name wiki.example.com;
>
> ssl on;
> ssl_certificate dev.crt;
> ssl_certificate_key dev.key;
>
> ssl_session_timeout 5m;
>
> ssl_protocols SSLv2 SSLv3 TLSv1;
> ssl_ciphers HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers on;
>
> location /static {
> root /usr/local/share/mojomojo/root;
> }
> location / {
> proxy_set_header X-Forwarded-Port 443;
> include fastcgi_params;
> client_max_body_size 128m;
> proxy_read_timeout 600;
> proxy_connect_timeout 600;
> fastcgi_param HTTPS 1; # Only this line helps
> fastcgi_pass unix:/tmp/.mojomojo.socket;
>
> }
> #error_page 404 /404.html;
>
> # redirect server error pages to the static page /50x.html
> #
> error_page 500 502 503 504 /50x.html;
> location = /50x.html {
> root /usr/local/www/nginx-dist;
> }
> }
>
> === mojomojo.conf ===
> name MojoMojo
> using_frontend_proxy 1
> # other settings are 100% irrelevant to FCGI
>
> === run script ===
> #!/bin/sh
> exec setuidgid www envdir ./env /usr/local/bin/mojomojo_fastcgi.pl -l
> /tmp/.mojomojo.socket -n 4 -e --proc_title MojoMojo
>
>
>
> _______________________________________________
> List: Catalyst [at] lists
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
> Dev site: http://dev.catalyst.perl.org/

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/

bobtfish at bobtfish

Jul 25, 2012, 12:07 AM

Post #5 of 5 (378 views)
Permalink

Re: X-Forwarded-Port works no more? [In reply to]

On 24 Jul 2012, at 07:22, Alex Povolotsky wrote:

> On 07/23/12 21:52, Tomas Doran wrote:
>> On 23 Jul 2012, at 08:48, Alex Povolotsky wrote:
>>
>>> Hello,
>>>
>>> I'm setting up MojoMojo, https-protected.
>>>
>>> However, it keeps making http: urls.
>>>
>>> Setting X-Forwarded-Port did not help a bit, and trying to grep X-Forwarded-Port to 443 did not help as well.
>>>
>>> I've set fastcgi_param HTTPS 1, and it helps, but why X-Forwarded-Port is mentioned but does not work?
>>
>> Your post implies that your running the app as an FCGI, however you're caring about X-Forwarded headers, which are only relevant if you're running the app behind a proxy.
>>
>> Which (or both) of these are you specifying?
>>
>> Can you show us your web server config, and app config?
>>
>
> Yes, FCGI
>

<snip>

> fastcgi_param HTTPS 1; # Only this line helps

<snip>

What does you mean with the comment there? I'd expect that line to be there, be necessary, and make things work?

> === mojomojo.conf ===
> name MojoMojo
> using_frontend_proxy 1

You do not want to set this - you are not using a frontend proxy.

Cheers
t0m

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads