Open reptilian-research opened 1 year ago
Hi
I have not been able to reproduce this, and frankly it sounds like a browser issue.
In Chrome there is a "Always show full URLs" setting that may play into this. Could you try enabling that and report back?
When using a letsencrypt cert with two or more FQDNs, the browser seems to show the first specified FQDN.
This does not occur with a letsencrypt cert with a single FQDN.
In chrome, the issue presents as:
In firefox, the issue presents differently:
Expected Behavior
i would expect that the browser would continue to work with the specified FQDN. the only linkage between the first and second FQDN is the lets encrypt cert. when only one FQDN is in the cert, this behaviour is not exhibited
Current Behavior
with an incognito browser tab in chrome: go to: https://www2.lab.reptiles.ca note that the A HREF inherits the appropriate Host: go to: https://www.lab.reptiles.ca note that the A HREF inherits the appropriate Host: note that the URL bar is now showing lab.reptiles.ca hit shift-refresh note that the A HREF still shows the previous Host: note that the URL bar is still showing lab.reptiles.ca
perform the same with firefox, but observe the tab title
Possible Solution
i'm unsure of the interaction between hitch and varnish, but, it appears that something is being passed from hitch to varnish relative to the data in the cert.
Steps to Reproduce (for bugs)
set up varnish to forward to an internal web server for a variety of FQDNs
configure hitch to use a pool of pem files:
modify the hitch-hook to put the bundle.pem into the appropriate dir
set up apache separate virtual hosts for all the above FQDNs, each with unique/identifiable content.
generate certs:
Context
as best i can tell, this only effects the display (URL bar in chrome, and tab title in firefox)
this could be misleading/confusing for the end-user.
seems to be an unintended side-effect.
Your Environment
the varnish config is vanilla punting incoming PROXY traffic from hitch, and passing it through to an apache server.
the apache server is a vanilla config, listening for virtual hosts on 8080. the apache config is not attempting to update/control the title of the page.