search

TrafeX / docker-php-nginx

Docker image with PHP-FPM 8.3 & Nginx 1.26 on Alpine Linux
https://hub.docker.com/r/trafex/php-nginx
MIT License
1.37k stars 736 forks source link

Disable absolute_redirect #82

Closed jlxip closed 2 years ago

jlxip commented 2 years ago

If this is a docker image, then it is safe to assume that most of the time it will be used in a container behind another nginx proxy.

Let's consider the scenario:

internet -> nginx https (443) -> docker (local port, let's say 8001) -> this container (8080)

Let's now consider the access:

https://example.com/pub

Assuming pub is a directory, nginx will try to add the slash at the end, and the following redirect will take place:

https://example.com/pub -> http://example.com:8080/pub/

(Please do try it)

Both the protocol (https -> http) and the port (443 -> 8080) change, leaving the site unaccessible. A solution would be to disable port_in_redirect in the nginx configuration. That change produces:

https://example.com/pub -> http://example.com/pub/ -> https://example.com/pub/

(Please try it)

The site is now accessible, but there's an extra redirect because of the protocol change. absolute_redirect leaves both the protocol and the port behind so a single redirect takes place.

https://example.com/pub -> /pub/ (which the browser interprets as https://example.com/pub/)

Even though the nginx.conf file can be changed by just binding another file to it, I think it would be better if the default config took this into account.

TrafeX commented 2 years ago

Hi @jlxip,

Thank you for your contribution, that indeed looks like a sane default :+1:

maggie44 commented 2 years ago

@jlxip do you know how this differs to port_in_redirect?

jlxip commented 2 years ago

@maggie0002 🤨 I literally gave an explanation above

maggie44 commented 2 years ago

Ha, yes, that was stupidly vague of me.

I have been using this image but not behind a proxy as how you have detailed here. This whole time I have mounted a config file and been using port_in_redirect to resolve an issue. I am trying to grasp the technical distinctions between the two under the hood to understand the implications of no longer mounting my config file and using this default config file with the absolute_redirect. Is it purely the different redirect strategy of one less hop? I am not in the category of most people in terms of the behind a proxy, and the fact you mentioned what users likely default behaviour would be to rationalise the change I’m trying to gauge the implications for those who are ‘not most people’.

Nginx docs as always are rather vague on the matter.