Project

General

Profile

Actions
Copy link

Defect #19834

closed

Login shows internal host/IP to internet public

Added by Jorge S. over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:
3.0.3

Description

When setting Require Authentication under Authentication, when you log out, you are redirected to login page, whose URL is:

https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2Ftracker.intranet.xxxx.com.ar%2F

In another installation, I see also:

https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2F192.168.1.4%2F

(The private IP).

It must be noted that BOTH installations run with Nginx as Reverse Proxy.

In my case, Nginx is listening on port 80 and based on the host redirects to my server which has Apache2 + Redmine working.

Actions
Copy link
 #1

Updated by Jorge S. over 9 years ago

nginx config:

server {
listen 80;

server_name
                tracker.xxxx.com.ar;
        location / {
                proxy_pass http://192.168.1.4:8080;
        }
}
Actions
Copy link
 #2

Updated by Jorge S. over 9 years ago

  • Status changed from New to Resolved

It seems to be a misconfiguration of nginx:

location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}

Actions
Copy link
 #3

Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid

Thanks for the feedback.

Actions
Copy link

Also available in: Atom PDF