Defect #38868
closed
Public URL or Logout Page showing back_url with Internal Server IP and Port
Added by Caspion G almost 2 years ago.
Updated over 1 year ago.
Description
I am using Redmine 5.0.1 with production environment on Windows 10 Professional.
I installed it using Bitnami stack, and upgraded the ruby version to 3.1.4 and it ran successfully. Except I replaced Thin server with PUMA. Now when I use public URL/Domain name to access the site, it shows http://xxx_public_url/login?back_url=http%3A%2F%2F127.0.0.1%3A3001%2F
I tried each and every step, but not finding any solution. I am using IIS for reverse proxy to internal puma server. Please help, as this is exposing my internal server for phishing attacks.
Caspion G wrote:
I am using Redmine 5.0.5 with production environment on Windows 10 Professional.
I installed it using Bitnami stack, and upgraded the ruby version to 3.1.4 and it ran successfully. Except I replaced Thin server with PUMA. Now when I use public URL/Domain name to access the site, it shows http://xxx_public_url/login?back_url=http%3A%2F%2F127.0.0.1%3A3001%2F
I tried each and every step, but not finding any solution. I am using IIS for reverse proxy to internal puma server. Please help, as this is exposing my internal server for phishing attacks.
My installation information is:
Environment:
Redmine version 5.0.5.stable
Ruby version 3.1.4-p223 (2023-03-30) [x64-mingw-ucrt]
Rails version 6.1.7.2
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Redmine settings:
Redmine theme Purplemine2-master (includes JavaScript)
SCM:
Git 2.38.0
Filesystem
Redmine plugins:
additional_tags 1.0.8
additionals 3.0.9-main
redmine_kanban 1.2.0
redmine_resources 1.0.8
- Status changed from New to Closed
You have to configure your public hostname at Administration -> Settings -> general -> Host name. The value entered there is used to generate full URLs in some redirects and emails.
Also available in: Atom
PDF
Updated by 
Updated by