Event registration form is forcing http instead of https

sedir · August 31, 2021, 3:06pm

Hi! I’ve been testing the latest Indico version (3.0) and found that on my instance the registration form of my example event is forcing http instead of https.

If you access this link ( Evento em Portugal (29 de agosto de 2021) · Indico ) from Chrome, you can see a small box that says the form is not secure. When I look to the source code of this very page, I see that the endpoint points to an HTTP URL.

It seems that’s something about how Angular generates the URL. Other parts of Indico don’t behave like this.

Does anyone have a clue on how to fix this?

ThiefMaster · August 31, 2021, 3:10pm

I see http:// URLs on https://indico.sedir.io as well. Is your BASE_URL correct? If you have a loadbalancer in front of Indico, does it send the X-Forwarded-Proto header and do you have USE_PROXY = True in indico.conf?

sedir · August 31, 2021, 3:23pm

My indico.env looks like this

SERVICE_HOSTNAME=indico.sedir.io
SERVICE_PORT=443
SERVICE_PROTOCOL=https
INDICO_BASE_URL=https://indico.sedir.io
INDICO_USE_PROXY=True

My nginx proxy config is like this:

server {
server_name indico.sedir.io;

location / {
    proxy_pass http://localhost:8921;
    proxy_set_header  Host $host:$server_port;
    proxy_set_header  X-Real-IP $http_cf_connecting_ip;
    proxy_set_header  X-Forwarded-For $http_cf_connecting_ip;
    proxy_set_header  X-Forwarded-Proto $http_x_forwarded_proto;
    client_max_body_size 1G;

}

    listen 443 ssl; # managed by Certbot
  listen [::]:443;

    ssl_certificate ... ;
    ssl_certificate_key ...;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {

    if ($host = indico.sedir.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

   server_name indico.sedir.io
   listen 80;
   return 404;


}

ThiefMaster · August 31, 2021, 3:25pm

It’s just USE_PROXY, not INDICO_USE_PROXY: indico-containers/indico.conf at master · indico/indico-containers · GitHub

sedir · September 9, 2021, 2:32pm

Thanks! Before you pointed it out, for me to be able to use Indico I had to do a bit of hack and disable the URL checking at web/flask/app.py by commenting out few lines.

Well, I undone that hack and set USE_PROXY=True, but it still doesn’t recognize the right protocol, since I’m using https. Also looking at the config file you linked, I decided to remove the SERVICE_PORT as it seemed optional and I’m using the default port.

This is the log from the application:

indico-web_1  Received request with invalid url root for http://indico.sedir.io/

SERVICE_PROTOCOL in .env and proxy_set_header X-Forwarded-Proto in nginx appears to be set correctly. Is there any other check place where it might be getting the protocol?

sedir · September 9, 2021, 3:24pm

I just found the problem: it was my nginx proxy misconfigured.

The correct setting is:

location / {
    ...
    proxy_set_header  X-Forwarded-Proto $scheme;
}

Thanks again!