Closed webac closed 6 years ago
resolved, The problem comes from the php global variable $_SERVER['SERVER_NAME'], it returns the original ip address,
So I just added a value for this var on the top of index.php
$_SERVER['SERVER_NAME'] = "my.domain.fr";
I don't know if this solution is viable?
but it works fine!
I tried to this in the nginx proxy xonfig
proxy_set_header Host "my.domain.fr";
But it doesn't works,
below my nginx config:
upstream shaarli {
server 192.168.0.10:8082;
}
server {
listen 443;
server_name my.domain.fr;
charset utf-8;
ssl on;
ssl_certificate /etc/nginx/ssl/my.domain.fr/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/my.domain.fr/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
client_max_body_size 2G;
fastcgi_buffers 64 4K;
location / {
proxy_pass http://shaarli;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-FORWARDED-PROTO https;
}
}
I run a pretty similar config without any issue. What about your target webserver configuration?
Hi @ArthurHoaro,
On the target webserver here is my configuration:
default.conf
server {
listen 8082;
server_name 192.168.0.10;
root /var/www/html/shaarli;
index index.html index.htm index.php;
charset utf-8;
location /phpinfo/ {
# add a PHP info page for convenience
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/index.php;
include fastcgi_params;
}
location ~ /\. {
# deny access to dotfiles
access_log off;
log_not_found off;
deny all;
}
location ~ ~$ {
# deny access to temp editor files, e.g. "script.php~"
access_log off;
log_not_found off;
deny all;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
# cache static assets
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /favicon.ico {
# serve the Shaarli favicon from its custom location
alias /var/www/html/shaarli/images/favicon.ico;
}
location / {
# Slim - rewrite URLs
try_files $uri /index.php$is_args$args;
}
location ~ (index)\.php$ {
# Slim - split URL path into (script_filename, path_info)
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# filter and proxy PHP requests to PHP-FPM
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ \.php$ {
# deny access to all other PHP scripts
deny all;
}
}
nginx.conf
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Hi, sorry for the slight delay in my answer.
So, the $_SERVER['SERVER_NAME']
variable seems to contain the server_name
directive of the target web server. In other words, you should use this in your target nginx
conf.
server {
listen 8082;
server_name my.domain.fr;
[...]
}
But maybe we should also check HTTP_X_FORWARDED_HOST
instead of just the server name?
Related to #888
Actually, this has been fixed by #899.
Hi,
I'm trying to configure Shaarli behind proxy (nginx), Everything works without proxy.
But when I use proxy I get this message when I try to connect.
I checked the index.php and I noticed that this condition is never passed with proxy:
$_SESSION['tokens'] return NULL inside the function tokenOk() when the login form is submitted.
I already checked old issues and added the 3 vars in this section, but can't find a solution: https://github.com/shaarli/Shaarli/wiki/Server-configuration#proxies
Can you please help?
Thanks a lot