search

plantuml / plantuml-server

PlantUML Online Server
https://plantuml.com/
GNU General Public License v3.0
1.6k stars 462 forks source link

HTTPS redirects back to HTTP #238

Closed tacerus closed 11 months ago

tacerus commented 1 year ago

Hello,

Thanks for the nice software!

I deployed the server using Tomcat 10 and Java 11 behind an Nginx reverse proxy. I used the sample Nginx configuration file, but instead of plain HTTP I use HTTPS.

Nginx:

server {
        listen                 <public ip>:443 ssl http2;
        server_name            plantuml.lysergic.dev;

        location                / {
                                proxy_pass              http://appserver:8086;
                                proxy_set_header        HOST                           $host;
                                proxy_set_header        X-Forwarded-Host        $host;
                                proxy_set_header        X-Forwarded-Proto       $scheme;
        }
}

Tomcat (server.xml):

....
<Connector port="8086" protocol="HTTP/1.1" connectionTimeout="20000"/>
....

It seems that whilst PlantUML loads fine, and sets the hostpath variable correctly to my full domain including the https:// schema (as confirmed in the rendered source of the site), the form submissions make my browser want to redirect back to http.

This is the browser activity from the point of opening the page to clicking "Submit Query":

image

As one can tell, the initial POST submission is sent to https://, but the location field contains the http:// schema:

image

The resulting GET request then gets stuck with HTTP:

image

Which, given my reverse proxy employs HTTP->HTTPS redirection, ends in an endless redirect loop which my browser aborts.

Did I possibly forget to configure something? Would appreciate any ideas!

Best, Georg

dmitryos commented 1 year ago

Quick workaround meanwhile worked for me:

server { listen xxx ssl; server_name yyy;

error_page 497 301 =307 https://yyy:xxx$request_uri;

location / { proxy_set_header HOST $host:xxx; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://zzz.zzz.zzz.zzz:xxx/;

} }

tacerus commented 1 year ago

Thanks for your snippet - unfortunately it doesn't do the trick for me - and I do not see any 497 or 301 responses which it could be catching either.

tacerus commented 1 year ago

However, I found this workaround:

        location                / {
                                proxy_pass              http://appserver:8086;
                                proxy_set_header        HOST                    $host;
                                proxy_set_header        X-Forwarded-Host        $host;
                                proxy_set_header        X-Forwarded-Proto       $scheme;
                                proxy_redirect          http://$host/ https://$host/;
        }

The proxy_redirect "rewrites" the location header. This works fine for me - but of course it's technically still a hack.

dmitryos commented 1 year ago

That could be some changes in our nginx settings prior to this section? Just for a reference I used this link to solve my redirection: https://stackoverflow.com/questions/15429043/how-to-redirect-on-the-same-port-from-http-to-https-with-nginx-reverse-proxy

tacerus commented 1 year ago

I use a generic HTTP to HTTPS redirect which applies to all of my web applications:

server {
    listen <v4>:80 default_server;
    listen <v6>:80 default_server;
    include snippets/robots;

    location / {
        return 301 https://$host$request_uri;
    }
}

This setup is suggested by Mozilla.

HeinrichAD commented 11 months ago

For documentation purpose:

There exists multiple examples now: