Project

General

Profile

Forums » Help »

Login redirects to int.ssl.URL

Added by Stefan Wolff about 2 months ago

Hi,

i am having trouble using redmine with Apache + Passenger. I didn't find any solution here or with big G.

  • Problem:

If I enter my credentials and click on login i am getting redirected to a wrong URL (Redmine Debug Log: Redirected to https://int.ssl.www.myurl/redmine-test/).
Any ideas ?
Regards, Stefan

  • My environment:
Ubuntu 22.04 LTS 
Rails 6.1.7.7
ruby 3.2.4
  • Apache VHost:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        RequestHeader set X-Forwarded-Proto "https" 

        ServerName myurl

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/redmine_443_error.log
        CustomLog ${APACHE_LOG_DIR}/redmine_443_access.log combined

        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        <Directory "/var/www/redmine/public">
          Require all granted
        </Directory>

          # Allow access to Redmine's installation directory
        <Directory /var/www/redmine/public>
          Allow from all
          Options -MultiViews
          Require all granted
        </Directory>

        # Redmine als SubUri
        Alias /redmine /var/www/redmine/public
        <Location /redmine-test>
          PassengerBaseURI /redmine-test
          PassengerAppRoot /var/www/redmine
        </Location>
    </VirtualHost>
</IfModule>

Replies (5)

RE: Login redirects to int.ssl.URL - Added by Holger Just about 2 months ago

Make sure that you have configured your externally used hostname in Administration -> Settings -> General.

Also, if your externally used hostname is different from the ServerName myurl (which I would strongly recommend against), you likely have to map the hostname somewhere in your webserver / proxy chain.

RE: Login redirects to int.ssl.URL - Added by Stefan Wolff about 2 months ago

Thank you..
externally used hostname was set correctly under Administration and on proxy chain.

Any other ideas ?

RE: Login redirects to int.ssl.URL - Added by Stefan Wolff about 2 months ago

i have setup virtual host for http and its running fine without https.
But using http is no option..

RE: Login redirects to int.ssl.URL - Added by Stefan Wolff about 1 month ago

Das Problem wurden durch den Betreiber unserer Proxy Kette gelöst bzw. umgangen:

Bei der Analyse haben wir festgestellt, dass Ihre Anwendung nur einen RequestHeader verarbeiten kann. Durch unsere Proxykette werden allerdings mehrere RequestHeader Attribute gesetzt. Daher mussten wir die Konfiguration des Reverse Proxies manuell für /redmine-test/ anpassen

Nun die spannende Frage.. Kann man Redmine dazu befähigen weitere RequestHeader Attribute zu verarbeiten ?

RE: Login redirects to int.ssl.URL - Added by Holger Just about 1 month ago

RequestHeader is a directive in Apache httpd webserevrs to manipulate headers in HTTP requests which are handled by the server. This can include actions such such as adding, removing or overwriting request headers or appending an additional value to request headers.

As such the response of your vendor is rather nonsensical. Redmine does process many different HTTP headers in requests (some of which may be set using RequestHeader rules in intermediate proxies). There is no such thing as a "RequestHeader Attribute".

What they may mean with their response however is that they have setup RequestHeader rules which manipulate some request headers as the request passes through their Apache httpd proxy. They don't state which header(s) that may be, but given the observed behavior, it's likely that they added a Host header value using a RequestHeader add rule. This would then result in the request having multiple Host header values, which is not allowed in HTTP (some headers in HTTP are allowed to have multiple values, others must only have exactly one value).

To set / overwrite a request header with a single new value, a RequestHeader set rule has to be used.

    (1-5/5)