[BlueOnyx:26970] Re: Bug report on 5211R

Fri May 10 16:47:51 -05 2024

Hi Michael,

Thanks for fixing it so quickly.
I however don’t understand why you are unable to use nginx to proxy an https site.
That is quite standard functionality afaik.
Why configure apache as SSL proxy If you have nginx?
I am fairly sure you can just enable (if it is not even enabled by default) proxying to an https site.

But let me configure it using http and then modify the config file by hand and restart the service and see if it works.

Best regards,

Taco

> On 9 May 2024, at 21:03, Michael Stauber via Blueonyx <blueonyx at mail.blueonyx.it> wrote:
> 
> Hi Taco,
> 
>> On both adminica and Elmer I get an internal server error when I choose:
>> Site->Services->Web
>> Enable Redirect/Proxy, select Redirect Type: Proxy and enter a https link (and click save)
>> In the 5209R interface I get a warning on the page itself (after saving) that https cannot be proxied on the page itself.
>> I think there is something wrong with the error handling.
>> The field where you input the URL actually states (when the helper is shown) that you can enter an http:// or https:// link
> 
> Nice catch! I just checked and indeed: The error handling of that extension was bugged.
> 
> I updated the code for 5210R and 5211R and YUM updates (base-apache-*) have been published:
> 
> https://devel.blueonyx.it/trac/changeset?reponame=&new=5259%40%2F&old=5257%40%2F
> 
>> It would be great if 5211R would actually have support to proxy to an https URL, nginx is capable of it.
> 
> Yeah, this is tricky. Nginx may not be running unless "Use Nginx as SSL-proxy" is enabled. And configuring Apache as HTTPS-proxy is just a massive pain in the ass that results in an invitation for things to break hard.
> 
> We're in the unfortunate position that the GUI-element for this allows either redirects (to HTTP or HTTPS) or Proxy. So it takes an URL that can start with either HTTP or HTTPS. But we can't allow it to use HTTPS for Proxy, because we don't do that. For redirects however? HTTPS is fine.
> 
> Throwing in a form validation script that (at runtime) raises an error message that HTTPS *and* proxy have been selected is just way too much overkill and these things tend to compete with the regular form validation which the field already has to check if a valid URL was entered.
> 
> So I reactivated the "after-the-fact" error message that (if someone tries to save with an HTTPS-URL for Proxy) raises the error message shown in the image below.
> 
> That's not ideal, but at least now the user gets a visible indication that it failed and why: We don't allow Proxy *and* HTTPS there.
> 
> -- 
> With best regards
> 
> Michael Stauber<Bildschirmfoto vom 2024-05-09 13-52-40.png>_______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx