wmaillard / shellinabox

Automatically exported from code.google.com/p/shellinabox
Other
0 stars 0 forks source link

svn revision 152 breaks support for https proxy #27

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I am using shellinabox behind a https proxy provided by apache2 (and I had
it properly configured prior to revision 152 :) ). That is to say
shellinaboxd is listening in background with the --disable_ssl switch on
and its port is only accessible in local while apache2 is listening https
connection on port 444 and redirect them to the shellinaboxd port.

The problem is that starting with revision 152, when I access the URL of
shellinabox :
https://domain.com:444/shellinabox/
the browser is automatically redirected to
http://domain.com:444/shellinabox/

which of course is broken because the server awaits an encrypted connection.

I believe that the javascript redirection in the lines 53 to 78 of
root_page.html should just check for the protocol to output a proper
redirection, but I did not understand the code of that revision as I know
no javascript (is the 'hasSSL' variable correlated to the -t option ?).

Original issue reported on code.google.com by mke...@gmail.com on 4 Aug 2009 at 5:30

GoogleCodeExporter commented 8 years ago
I'll take a look at it in the next couple of days. That definitely sounds like 
unintended behavior. In the meantime, if you remove the --disable-ssl switch, 
it'll 
probably start working again; but that's obviously not quite correct in your 
situation.

Original comment by zod...@gmail.com on 7 Aug 2009 at 4:44

GoogleCodeExporter commented 8 years ago
You are using ShellInABox in a slightly less common configuration. Most users 
would 
need ShellInABox to do the redirection from http: to https: for them, even if 
they 
used a reverse proxy for the SSL encryption. And they would therefore not set 
the --
disable-ssl option. Your situation is different, and I can understand why you 
would 
set --disable-ssl, as all the tricky encryption bits are handled by your 
reverse 
proxy.

I now committed a change to revision 162 of ShellInABox that will continue 
using 
encrypted sessions, even if you set the --disable-ssl option. This should get 
you 
back to the state that you had before I broke things for you. Please let me 
know if 
you continue seeing any issues, as your configuration tests an interesting 
corner 
case, and you might find bugs that I hadn't thought of.

Original comment by zod...@gmail.com on 8 Aug 2009 at 10:13

GoogleCodeExporter commented 8 years ago
Thank you, it's working again now.

Original comment by mke...@gmail.com on 9 Aug 2009 at 9:35