Baikal behind SSL termination / web proxy. Unable to login

[mrintegrity]

Hi,

Baikal doesn't work properly behind an ssl terminator / http loadbalancer / proxy. I am using Apsis Pound (great software).

It is required to set the BaseUrl to https://sitename instead of http://sitename. This could be taken from X-Forwarded-Proto which is a header that I add in the proxy.

If anyone could suggest a workaround I would appreciate it, tried looking in the code but it's a little over my head.

[bermeitinger-b]

I got it to work behind a Lighttpd-Proxy by changing the file Core/Frameworks/Fluke in Line 167. I changed the defining of PROJECT_URI to "https://" ...

[ghost]

I found this in Core/Frameworks/Flake/Framework.php. Or you can change line 162 to:

$sProtocol = "https";

It would be nice if HTTPS URLs and cookies could be enforced via configuration eventually.

[IntelligentesTierMaulApollo13]

Is there any update to this problem? Changing just the protocol is not enough! Installation is possible, but afterwards, login fails. I tracked the problem down to how the generation of $sActionUrl works. If I remove the leading slash ( /admin/ -> admin/), login works. But so far sync does not, so I suspect additional changes are necessary.

And I should add that I use a fixed PROJECT_URL (https://proxy domain/real domain/). Once the login has succeeded (via changing html source code before login) the administration panel works like a charm.

[wagnerflo]

I'm having the same problem... making Baikal unusable for me.

[IntelligentesTierMaulApollo13]

I was able to fix the problem. It is caused by two things:

1. Currently baikal ignores every HTTP-X-Forwarded-Field and redirects to the non-https-Version
2. SabreDAV also ignores those fields. I posted my changes to http://blog.christian-stankowic.de/?p=5609&cpage=1#comment-18257, but I currently have no free time to translate them to English (unfortunately I wrote my post in German) and repost them here. If anybody wants to do this, I would really appreciate it. Otherwise it will take a few additional days...

[TribuneX]

Would be nice if these changes could be build into Baikal directly to support SSL proxies. Any plans for this?

[beigna]

I'm running baikal over http in a lan server. On the public server I run a reverse proxy that does the SSL encryption.

The problem with the admin is on the tag! Thats uses http schema instead of https

Thanks!

[evert]

Different schemes should just work but you absolutely must have the same path-prefix on both your proxy and the origin server. If you are proxying a path to a different internal sub-path all the protocols will break.

I'm closing this ticket for now though as it's quite old. If you're still having issues with this just comment here so I can reopen it.

[jperryhouts]

I know this is old, but if anyone else comes across the same problem it can be fixed pretty easily. If you're using Apache, you can add SetEnv HTTPS on to your httpd.conf and Baikal will get the right URI information.

Hope that helps! -Jonathan

[mcblum]

Does anyone happen to know if this has been fixed? As soon as I put Baikal behind our reverse proxy (Nginx), all logins broke. It was working when accessing the Docker swarm directly over port 80.