path: root/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
I have a private ikiwiki (3.20170111) which is running on a host that serves HTTP and HTTPS, but ikiwiki is configured for (and only served on) HTTPS:

    url: https://redacted/phd/
    cgiurl: https://redacted/phd/cgi

However, form submissions from ikiwiki are going to an HTTP URL and thus not being served. Example headers from submitting a comment:

    Request URL:https://redacted/phd/cgi
    Request Method:POST
    Status Code:302 Found
    Remote Address:redacted:443
    Referrer Policy:no-referrer-when-downgrade

Response Headers

    HTTP/1.1 302 Found
    Server: nginx/1.10.3
    Date: Fri, 08 Dec 2017 11:53:35 GMT
    Content-Length: 0
    Connection: keep-alive
    Status: 302 Found
    Location: http://redacted/phd/blog/38th_Dec/?updated#comment-bd0549eb2464b5ca0544f68e6c32221e

The CGI is served by lighttpd, but the whole site is front-ended by nginx, which reverse-proxies to lighttpd.

----

I think this might be to do with nginx not rewriting POST URLs when reverse-proxying, but I'm not sure why
they would be generated in an HTTP form in any case, except perhaps by lighttpd's CGI handler since the back
end is HTTP. A workaround is for nginx to redirect any HTTP URI to the HTTPS equivalent. I initially disabled
that so as to have the path for letsencrypt negotiation not redirected. -- [[Users/Jon]]

> Do you have the `reverse_proxy` option set to 1? (It affects how ikiwiki generates
> self-referential URLs).
>
> Is the connection between nginx and lighttpd http or https?
>
> I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
> `reverse_proxy: 1`. I'm in the process of adding a test case in `t/relativity.t`.
>
> Assuming nginx has a reasonable level of configuration, you can redirect http to https
> for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap
> ACME negotiation. --[[smcv]]
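
The HTTP-to-HTTPS redirect with an ACME exception that smcv describes could look like the following nginx server block. This is an added example, not configuration from the original report or from ikiwiki; `example.org` and `/var/www/acme` are placeholder values.

```nginx
# Added example: plain-HTTP listener that only serves ACME challenges
# and redirects everything else to HTTPS.
# example.org and /var/www/acme are placeholders, not values from the report.
server {
    listen 80;
    listen [::]:80;
    server_name example.org;

    # ACME HTTP-01 challenge files stay reachable over plain HTTP.
    # "^~" stops nginx from evaluating regex locations for this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else goes to the HTTPS equivalent. The host name is
    # written out rather than taken from $host, so a forged Host header
    # cannot steer the redirect to another site.
    location / {
        return 301 https://example.org$request_uri;
    }
}
```

With this in place, a `Location: http://...` header like the one in the report is followed by a second redirect to the HTTPS URL, which works around the symptom but does not change how the CGI generates its URLs.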