https + nginx proxy

[hrach]

If there is https nginx proxy, our webhoster sets SERVER_PORT to 80 for the apache webserver. But the application runs over 443 and https. See their response and dumped headers.

Server headers dump:

HTTPS on
HTTP_HOST www.xxx.cz
HTTP_X_FORWARDED_HOST www.xxx.cz
HTTP_X_FORWARDED_SERVER www.xxx.cz
HTTP_X_FORWARDED_FOR 94.230.146.241
HTTP_FORWARDED_REQUEST_URI /test.php
HTTP_HTTP_X_FORWARDED_PROTO https
HTTP_HTTPS on
HTTP_X_FORWARDED_PROTO https
HTTP_X_FORWARDED_SSL on
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache
SERVER_NAME www.xxx.cz
SERVER_ADDR 127.0.0.1
SERVER_PORT 80

Response from the webhosting

The HTTPS header is properly set by our front end Nginx web server, as well as the 'X-Forwarded-SSL' header.

The problem here is that the $_SERVER['SERVER_PORT'] variable is always 80, since the Apache (sitting behind the Nginx) never receives HTTPS traffic, rather the front end Nginx does. You are relying on that variable to construct the HttpRequest object in

/home/xxx/webapps/xxx/vendor/nette/nette/NetteHttpRequestFactory.php on line 80:

if (isset($pair[2])) {
$url->port = (int) substr($pair[2], 1);
} elseif (isset($_SERVER['SERVER_PORT'])) {
$url->port = (int) $_SERVER['SERVER_PORT'];
}

...

WebFaction Support

[hrach]

Maybe we could ask them to add HTTP_X_FORWARDED_PORT and prioritize this key?

[Majkl578]

X-Forwarded-Port is exactly what I was thinking about while reading your first message.

[dg]

ping @hrach & @Majkl578

[hrach]

@dg are you asking for PR or better explanation or if it's still valid?

The site is no longer running, however, this "bug/feature" is still present a should be fixed.

[dg]

Fix, close, whatever :-)

[petrdvorak]

From my perspective, this would be a nice thing to fix by interpreting the HTTP_HTTP_X_FORWARDED_PROTO / HTTP_X_FORWARDED_PORT