X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/e2d7c1e8f40ff1c44a84d65151ffccc40ef67203..0ca509859be54fa167ba8f0514dd10e3f96aaa58:/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn?ds=inline diff --git a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn index 042acb615..02c04900f 100644 --- a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn +++ b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn 
@@ -1,24 +1,53 @@ I have a private ikiwiki (3.20170111) which is running on a host that serves HTTP and HTTPS, but ikiwiki is configured for (and only served on) HTTPS: - url: https:///phd/ - cgiurl: https:///phd/cgi + url: https://redacted/phd/ + cgiurl: https://redacted/phd/cgi However, form submissions from ikiwiki are going to a HTTP URL and thus not being served. Example headers from submitting a comment: -``` -Request URL:https:///phd/cgi -Request Method:POST -Status Code:302 Found -Remote Address::443 -Referrer Policy:no-referrer-when-downgrade + + + Request URL:https://redacted/phd/cgi + Request Method:POST + Status Code:302 Found + Remote Address:redacted:443 + Referrer Policy:no-referrer-when-downgrade Response Headers -HTTP/1.1 302 Found -Server: nginx/1.10.3 -Date: Fri, 08 Dec 2017 11:53:35 GMT -Content-Length: 0 -Connection: keep-alive -Status: 302 Found -Location: http:///phd/blog/38th_Dec/?updated#comment-bd0549eb2464b5ca0544f68e6c32221e -``` + HTTP/1.1 302 Found + Server: nginx/1.10.3 + Date: Fri, 08 Dec 2017 11:53:35 GMT + Content-Length: 0 + Connection: keep-alive + Status: 302 Found + Location: http://redacted/phd/blog/38th_Dec/?updated#comment-bd0549eb2464b5ca0544f68e6c32221e + +> Your form submission was in fact done successfully. The failing redirection to http is +> when ikiwiki follows up the successful edit by redirecting you from the form submission +> URL to the updated page, which is done by `IkiWiki::redirect`. --[[smcv]] + +The CGI is served by lighttpd, but the whole site is front-ended by nginx, which reverse-proxies to lighttpd. + +---- + +I think this might be to do with nginx not rewriting POST URLs when reverse-proxying, but I'm not sure why +they would be generated in an HTTP form in any case, except perhaps by lighttpd's CGI handler since the back +end is HTTP. A workaround is for nginx to redirect any HTTP URI to the HTTPS equivalent. 
I initially disabled +that so as to have the path for letsencrypt negotiation not redirected.-- [[Users/Jon]] + +> Do you have the `reverse_proxy` option set to 1? (It affects how ikiwiki generates +> self-referential URLs). +> +> Is the connection between nginx and lighttpd http or https? +> +> I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with +> `reverse_proxy: 1`: when marked as behind a reverse proxy, +> `IkiWiki::redirect` sent `Location: /phd/foo/bar/`, which your backend web +> server might be misinterpreting. ikiwiki git master now sends +> `Location: https://redacted/phd/foo/bar/` instead: does that resolve this +> for you? +> +> Assuming nginx has a reasonable level of configuration, you can redirect http to https +> for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap +> ACME negotiation. --[[smcv]]
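
Review bot: the `Response Headers` label in the captured-headers example stays as an unindented context line between the two newly indented blocks, so unless a blank line follows it, Markdown will treat the indented response headers after it as a continuation of that paragraph rather than as preformatted text. Indent the label by four spaces along with the rest, or put blank lines on both sides of it. Separately, the added reply says "ikiwiki git master now sends `Location: https://redacted/phd/foo/bar/` instead" without naming the commit or the release that carries the change, and the report is against 3.20170111, so a reader cannot tell from this page whether their version has it; a commit or version reference next to that sentence would close the gap. The HTTP-to-HTTPS redirect that the text offers as a workaround still lets the first request to the `http://` Location travel in cleartext, which is worth stating next to it so it is not read as equivalent to the `IkiWiki::redirect` change.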