friendica / docker

Docker image for Friendica
https://friendi.ca
GNU Affero General Public License v3.0

Issues with HTTPS #236

Closed oculos closed 8 months ago

oculos commented 8 months ago

Hi,

I am trying to deploy Friendica using the apache image. The thing is that I don't think Friendica is detecting that I am behind a reverse proxy (actually, two - one main nginx reverse proxy outside my cluster, and an nginx ingress on my k8s cluster).

The HTML generated by the image is full of http:// URLs, so I am getting lots of errors:

Is there any setting to force SSL on Friendica, so that the URLs reflect that?

I tried this:

root@friendica-5b48c4686d-xj9v6:/var/www/html# bin/console config system force_ssl 1
Unable to set system.force_ssl

I changed a config file to force_ssl anyway, and it seems it is set that way:

root@friendica-5b48c4686d-ggfxs:/var/www/html# bin/console config | grep ssl
system.force_ssl => 1

But it doesn't make any difference: all the links are http, and therefore things are not working:

MrPetovan commented 8 months ago

Hi, what is your system url config value? You might need to switch it to HTTPS.

oculos commented 8 months ago

It has the https:

system.url => https://social.babb.no

And the install page shows this:

No TLS detected

Failed to detect TLS that secures the communication between the browser and the new Friendica server. It is highly encouraged to use Friendica only over a secure connection as sensitive information like passwords will be transmitted. Please ensure that the connection to the server is secure.

oculos commented 8 months ago

It is also weird that when I move local-example.config.php to local.config.php, I get internal errors...

MrPetovan commented 8 months ago

It looks like the TLS connection is terminated by one of your proxies, which PHP interprets as not being a TLS connection at all.

Are you able to log in as your administrator account and navigate to this page: https://social.babb.no/admin/phpinfo ?

There might be a quirk in the way your setup exposes your TLS configuration that prevents it from working.

oculos commented 8 months ago

> It looks like the TLS connection is terminated by one of your proxies, which PHP interprets as not being a TLS connection at all.
>
> Are you able to log in as your administrator account and navigate to this page: https://social.babb.no/admin/phpinfo ?
>
> There might be a quirk in the way your setup exposes your TLS configuration that prevents it from working.

I have:

1 - one nginx reverse proxy, that's the one my 443 terminates, and traffic goes to my cluster
2 - one ingress (nginx), that gets port 80

Isn't force_ssl supposed to force https on all links?

I can't log in to my admin since I can't pass the install page.

MrPetovan commented 8 months ago

The exact working of system.force_ssl is to force https on all the GET links if the current connection isn't TLS and if the potential proxy connection isn't TLS either. I assume it fails the latter condition. I'm not sure why HTTP links are created but I'm guessing it has to do with the current connection not being TLS but the proxy connection being TLS.

What output does > bin/console config system url give?
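
The two checks described in the comment above, TLS on the direct connection and TLS reported by a proxy, as an added PHP example that is not part of the thread and not Friendica's own code. It assumes the proxies pass the original scheme in the X-Forwarded-Proto header; the function names, the trusted-proxy address and the sample $_SERVER arrays are constructed.

```php
<?php
// Added illustration, not Friendica's code. Function names, the trusted-proxy
// list and the sample $_SERVER arrays below are constructed for this example.

/** True when PHP itself received the request over TLS. */
function direct_tls(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

/** True when a trusted proxy reports that the client-facing hop used TLS. */
function proxy_tls(array $server, array $trustedProxies): bool
{
    // Honour forwarding headers only from known proxy addresses: any client
    // can send X-Forwarded-Proto itself.
    if (!in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        return false;
    }
    return strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

/** Scheme to use when generating links for this request. */
function request_scheme(array $server, array $trustedProxies): string
{
    return (direct_tls($server) || proxy_tls($server, $trustedProxies)) ? 'https' : 'http';
}

$trusted = ['10.0.0.5']; // constructed address of the ingress in front of PHP

// Constructed requests as PHP would see them on port 80 behind two proxies.
$samples = [
    'ingress passes on the outer proxy header' => [
        'REMOTE_ADDR' => '10.0.0.5', 'SERVER_PORT' => '80',
        'HTTP_X_FORWARDED_PROTO' => 'https',
    ],
    'ingress overwrites the header with its own hop' => [
        'REMOTE_ADDR' => '10.0.0.5', 'SERVER_PORT' => '80',
        'HTTP_X_FORWARDED_PROTO' => 'http',
    ],
    'header sent from an untrusted address' => [
        'REMOTE_ADDR' => '203.0.113.9', 'SERVER_PORT' => '80',
        'HTTP_X_FORWARDED_PROTO' => 'https',
    ],
];

foreach ($samples as $label => $server) {
    printf("%-48s => %s\n", $label, request_scheme($server, $trusted));
}
```

Only the first sample yields https links; in the second, the inner proxy has replaced the scheme reported by the TLS-terminating proxy with that of its own plain-HTTP hop, so the application cannot tell the browser connection was secure.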

oculos commented 8 months ago

> The exact working of system.force_ssl is to force https on all the GET links if the current connection isn't TLS and if the potential proxy connection isn't TLS either. I assume it fails the latter condition. I'm not sure why HTTP links are created but I'm guessing it has to do with the current connection not being TLS but the proxy connection being TLS.
>
> What output does > bin/console config system url give?

root@friendica-5b48c4686d-f69sd:/var/www/html# bin/console config system url
system.url => https://social.babb.no

oculos commented 8 months ago

I think I fixed the https problem - I used the fpm image instead, as well as an nginx image. However, after installation, I am getting these errors:


Deprecated: Return type of Friendica\Core\Session\Handler\Cache::read($id) should either be compatible with SessionHandlerInterface::read(string $id): string|false, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /var/www/html/src/Core/Session/Handler/Cache.php on line 49

Deprecated: Return type of Friendica\Core\Session\Handler\Cache::gc($max_lifetime): bool should either be compatible with SessionHandlerInterface::gc(int $max_lifetime): int|false, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /var/www/html/src/Core/Session/Handler/Cache.php on line 113

Warning: ini_set(): Session ini settings cannot be changed after headers have already been sent in /var/www/html/src/Core/Session/Type/Native.php on line 36

Warning: ini_set(): Session ini settings cannot be changed after headers have already been sent in /var/www/html/src/Core/Session/Type/Native.php on line 37

Warning: ini_set(): Session ini settings cannot be changed after headers have already been sent in /var/www/html/src/Core/Session/Type/Native.php on line 38

Warning: ini_set(): Session ini settings cannot be changed after headers have already been sent in /var/www/html/src/Core/Session/Type/Native.php on line 41

Warning: session_set_save_handler(): Session save handler cannot be changed after headers have already been sent in /var/www/html/src/Core/Session/Type/Native.php on line 45

Warning: session_start(): Session cannot be started after headers have already been sent in /var/www/html/src/Core/Session/Type/Native.php on line 54

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/src/Core/Session/Handler/Cache.php:31) in /var/www/html/src/Core/System.php on line 492

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/src/Core/Session/Handler/Cache.php:31) in /var/www/html/src/App/Page.php on line 411

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/src/Core/Session/Handler/Cache.php:31) in /var/www/html/src/App/Page.php on line 424

What could it be?

MrPetovan commented 8 months ago

These are PHP 8 deprecation messages; they have been fixed in the latest Friendica Release Candidate branch because someone else got them as well: https://github.com/friendica/friendica/issues/13699