]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
projects / git.ikiwiki.info.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
(no commit message)
[git.ikiwiki.info.git] / doc / bugs / cgi_redirecting_to_non-https_URL.mdwn
diff --git a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
index 042acb6159cad79b8aa05daa8db038d2e81e4b1d..02c04900f978e88143eb3f24716d729f761cbc97 100644 (file)
--- a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
+++ b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
@@ -1,24 +1,53 @@
 I have a private ikiwiki (3.20170111) which is running on a host that serves HTTP and HTTPS, but ikiwiki is configured for (and only served on) HTTPS:
 
-    url: https://<redacted>/phd/
-    cgiurl: https://<redacted>/phd/cgi
+    url: https://redacted/phd/
+    cgiurl: https://redacted/phd/cgi
 
 However, form submissions from ikiwiki are going to a HTTP URL and thus not being served. Example headers from submitting a comment:
 
-```
-Request URL:https://<redacted>/phd/cgi
-Request Method:POST
-Status Code:302 Found
-Remote Address:<redacted>:443
-Referrer Policy:no-referrer-when-downgrade
+
+
+    Request URL:https://redacted/phd/cgi
+    Request Method:POST
+    Status Code:302 Found
+    Remote Address:redacted:443
+    Referrer Policy:no-referrer-when-downgrade
 
 Response Headers
-HTTP/1.1 302 Found
-Server: nginx/1.10.3
-Date: Fri, 08 Dec 2017 11:53:35 GMT
-Content-Length: 0
-Connection: keep-alive
-Status: 302 Found
-Location: http://<redacted>/phd/blog/38th_Dec/?updated#comment-bd0549eb2464b5ca0544f68e6c32221e
-```
 
+    HTTP/1.1 302 Found
+    Server: nginx/1.10.3
+    Date: Fri, 08 Dec 2017 11:53:35 GMT
+    Content-Length: 0
+    Connection: keep-alive
+    Status: 302 Found
+    Location: http://redacted/phd/blog/38th_Dec/?updated#comment-bd0549eb2464b5ca0544f68e6c32221e
+
+> Your form submission was in fact done successfully. The failing redirection to http is
+> when ikiwiki follows up the successful edit by redirecting you from the form submission
+> URL to the updated page, which is done by `IkiWiki::redirect`. --[[smcv]]
+
+The CGI is served by lighttpd, but the whole site is front-ended by nginx, which reverse-proxies to lighttpd.
+
+----
+
+I think this might be to do with nginx not rewriting POST URLs when reverse-proxying, but I'm not sure why
+they would be generated in an HTTP form in any case, except perhaps by lighttpd's CGI handler since the back
+end is HTTP. A workaround is for nginx to redirect any HTTP URI to the HTTPS equivalent. I initially disabled
+that so as to have the path for letsencrypt negotiation not redirected.-- [[Users/Jon]]
+
+> Do you have the `reverse_proxy` option set to 1? (It affects how ikiwiki generates
+> self-referential URLs).
+>
+> Is the connection between nginx and lighttpd http or https?
+>
+> I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
+> `reverse_proxy: 1`: when marked as behind a reverse proxy,
+> `IkiWiki::redirect` sent `Location: /phd/foo/bar/`, which your backend web
+> server might be misinterpreting. ikiwiki git master now sends
+> `Location: https://redacted/phd/foo/bar/` instead: does that resolve this
+> for you?
+>
+> Assuming nginx has a reasonable level of configuration, you can redirect http to https
+> for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap
+> ACME negotiation. --[[smcv]]
Unnamed repository; edit this file 'description' to name the repository.