dhis2-devs team mailing list archive

Thread
Date

Re: App Installation - SSL issue

To: Jason Pickering <jason.p.pickering@xxxxxxxxx>
From: Lars Helge Øverland <lars@xxxxxxxxx>
Date: Wed, 17 Feb 2016 07:08:17 -0500
Cc: DHIS 2 Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CADsNmhv8nTW8iP08PiW+ibKvhQb+3ssPA9s89vCmBpoKJK7s0A@mail.gmail.com>

Hi Lorill,

DHIS 2 is looking at a header in the web request called X-Forwarded-Proto
when determining the protocol.

Are you running behind nginx? Could you check that this directive is part
of the location block which proxy passes to Tomcat? Or, at least make sure
this directive is not set to https (defaults to http).

proxy_set_header          X-Forwarded-Proto  http;

best regards,

Lars

On Wed, Feb 17, 2016 at 1:27 AM, Jason Pickering <
jason.p.pickering@xxxxxxxxx> wrote:

> Hi Lorill,
> I think you need to modify the Tomcat server.xml file to get this to work
> properly.
>
> I usually add an additional connector
>
>      <Connector port="8090" protocol="HTTP/1.1" proxyPort="443"
> scheme="https"
>                connectionTimeout="20000"
>                URIEncoding="UTF-8"
>                redirectPort="8443" />
>
>
> and then point the reverse proxy to that.
>
> Regards
> Jason
>
>
> On Wed, Feb 17, 2016 at 6:40 AM, Morten Olav Hansen <morten@xxxxxxxxx>
> wrote:
>
>> Ok, sounds like you have a misconfigured reverse proxy? How is the
>> internal instance set up? is it directly tomcat, or do you have apache or
>> nginx in front of it?
>>
>> On Wed, Feb 17, 2016 at 12:35 PM, Lorill Crees <lcrees@xxxxxxxxxx> wrote:
>>
>>> Yes - I can go directly to the app if I change the url to http, but
>>> within the apps other things related to urls are messed up. The icons in
>>> the app menu for manually installed apps also point to https so they don't
>>> show up, but I can manually navigate to the icons by using the url with
>>> http. The native DHIS 2 apps are all fine and properly reference http.
>>>
>>> Another thing I've just noticed is that when pulling up http://[server]/api/resources,
>>> all the "href" resource elements are incorrectly referencing https.
>>>
>>> On Tue, Feb 16, 2016 at 9:20 PM, Morten Olav Hansen <morten@xxxxxxxxx>
>>> wrote:
>>>
>>>> Hm, ok. I haven't seen that issue before. So the app shows up, just
>>>> that the link in the menu is wrong? What if you go there directly,
>>>> /api/apps/{app-name} ?
>>>>
>>>> On Wed, Feb 17, 2016 at 12:08 PM, Lorill Crees <lcrees@xxxxxxxxxx>
>>>> wrote:
>>>>
>>>>> Hi Morten,
>>>>>
>>>>> Yes - the baseUrl is set to *.
>>>>>
>>>>> Lorill
>>>>>
>>>>> On Tue, Feb 16, 2016 at 6:17 PM, Morten Olav Hansen <morten@xxxxxxxxx>
>>>>> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> Could you have a look at your manifest file and see what the baseUrl
>>>>>> is set to? for 2.22 it should just be *
>>>>>>
>>>>>> On Wed, Feb 17, 2016 at 7:03 AM, Lorill Crees <lcrees@xxxxxxxxxx>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> We have set up an internal test instance of DHIS 2 that is not
>>>>>>> running via ssl. When installing apps into the instance, it is not able to
>>>>>>> load any of the apps or resources because it is redirecting to a path of
>>>>>>> https instead of http.
>>>>>>>
>>>>>>> eg:
>>>>>>>
>>>>>>> our website:
>>>>>>> http://[server]
>>>>>>>
>>>>>>> installed app is attempting to navigate to:
>>>>>>>
>>>>>>> https://[server]/api/apps/customjscss/index.html
>>>>>>>
>>>>>>> Is there somewhere where we need to configure this to use http? I've
>>>>>>> looked around but not sure if I'm missing something.
>>>>>>>
>>>>>>> I went into the settings and set the Server Base URL for http://[server],
>>>>>>> restarted and reinstalled the apps but this didn't fix it.
>>>>>>>
>>>>>>> I also saw in the database there is an appBaseUrl setting in the
>>>>>>> systemsetting table but it is not in clear text so I'm not sure what it's
>>>>>>> set to. This db was copied from another instance that is running under ssl
>>>>>>> so maybe that is the issue? I tried deleting this property, restarting and
>>>>>>> reinstalling the app but it still defaults to https.
>>>>>>>
>>>>>>> How can we fix this?
>>>>>>>
>>>>>>> We are using 2.22 r 21832.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Lorill
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs
>>>>>>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Morten
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Morten
>>>>
>>>
>>>
>>
>>
>> --
>> Morten
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Jason P. Pickering
> email: jason.p.pickering@xxxxxxxxx
> tel:+46764147049
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Lars Helge Øverland
Lead developer, DHIS 2
University of Oslo
Skype: larshelgeoverland
http://www.dhis2.org <https://www.dhis2.org/>

Follow ups

Re: App Installation - SSL issue
From: Lorill Crees, 2016-02-18

References

App Installation - SSL issue
From: Lorill Crees, 2016-02-17
Re: App Installation - SSL issue
From: Morten Olav Hansen, 2016-02-17
Re: App Installation - SSL issue
From: Lorill Crees, 2016-02-17
Re: App Installation - SSL issue
From: Morten Olav Hansen, 2016-02-17
Re: App Installation - SSL issue
From: Lorill Crees, 2016-02-17
Re: App Installation - SSL issue
From: Morten Olav Hansen, 2016-02-17
Re: App Installation - SSL issue
From: Jason Pickering, 2016-02-17