[Bug] ComicControl defaults to incorrect scheme when behind reverse proxy

JulianWebb commented 2 years ago

ComicControl v4.2.9

Description of Problem

When using ComicControl behind a reverse proxy (in this case, Traefik), it defaults to using the HTTP scheme on it's URLs rather than follow the scheme set in the root option during the installation process.

Steps to Reproduce

These steps assume you have a server running Docker v20.10.17 or later with the Compose Plugin and a Traefik container running and monitoring on the outbound network.

Create the following docker-compose.yml in the project directory
```
version: "3.7"
```

services: nginx: image: lscr.io/linuxserver/nginx:latest container_name: comiccontrol_nginx environment:

PUID
PGID
TZ volumes:
"./nginx:/config" networks:
comiccontrol
outbound restart: unless-stopped labels:
"traefik.http.routers.comiccontrol.rule=Host(example.org)"
"traefik.http.routers.comiccontrol.entrypoints=web,webSecure"
"traefik.http.routers.comiccontrol.service=comiccontrol"
"traefik.http.services.comiccontrol.loadbalancer.server.port=80" depends_on:
mariadb mariadb: image: lscr.io/linuxserver/mariadb:latest container_name: comiccontrol_mariadb environment:
PUID
PGID
TZ
MYSQL_ROOT_PASSWORD
MYSQL_DATABASE
MYSQL_USER
MYSQL_PASSWORD volumes:
"./mariadb:/config" networks:
comiccontrol restart: unless-stopped

networks: comiccontrol: outbound: external: true

(*note: replace `example.org` with a valid domain under your control*)

2. Populate `.env` in the same directory with the following variables:

| Variable | Definition |
| -- | -- |
| PUID | The ID of the running user, generally want it to be the same as host server user (`id -u`) | 
| PGID | The ID of the running group, generally want it to be the same as host server group (`id -g`) |
| TZ | The server's timezone (e.g. `America/Vancouver`) |
| MYSQL_ROOT_PASSWORD | The root password for your MariaDB instance |
| MYSQL_DATABASE | The database to create for ComicControl |
| MYSQL_USER | The user to create for ComicControl |
| MYSQL_PASSWORD | The password for the user for ComicControl |

3. start the containers with `docker compose up -d`

4. unzip the latest comiccontrol zip into `${PWD}/nginx/www/`

5. replace `${PWD}/nginx/nginx/site-conf/default.conf` with the following

```conf
server {
    listen 80 default_server;

    root /config/www/;
    index index.php;

    server_name _;

    client_max_body_size 0;

    location / {
        try_files $uri /index.php?$uri&$args;
    }

    location /comiccontrol {
        try_files $uri /comiccontrol/index.php?$uri&$args;
    }    

    location ~ ^(.+\.php)(.*)$ {
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}

Stop the docker containers (docker compose down) and restart them
Go to example.org/comiccontrol/ to set up the install, make sure to configure the root to have the HTTPS scheme
Try using the site after install and find it's linking things as HTTP

Potential Solution

It seems the culprit is this function designed to disregard the scheme of the root value in favour of the one being use to request the document.

I would recommend dropping this function, either by trusting the root value's scheme or by utilizing the the relative reference resolution that dropping the scheme would provide (e.g. "//example.org")

JulianWebb commented 2 years ago

Changing the function to

    private function setProtocol($url){
        $baseurl = substr($url,strpos($url,'/'));
        return $baseurl;
    }

causes the site to work normally, though it does make some of the printed links look wrong.

JulianWebb commented 2 years ago

It looks like the RSS Builders run into a similar issue.

erintheunready / ComicControl