Client talking to wrong port

I just installed Xibo 1.8.3 using docker. I changed the ports in the docker yml file to “8080:80” and configured apache to proxy 443 to port 8080. Everything should be talking to the server over 443 and it seemed to be working until I added a client. The client it registered just fine, but it can’t seem to download the files it needs (stuck at 50 files to download). Running tcpdump it appears to be trying to connect to the server on port 80 and download files using xmds.php. Any idea where it would be getting port 80 from?

I went ahead and enabled Force SSL which didn’t seem to work, however between that and added RequestHeader to my apache config it seems to be working.
RequestHeader set X-Forwarded-Proto “https”

That’s right. You need to tell Xibo it’s using HTTPS otherwise it won’t know.

You’ll probably also want to send the other X-Forwarded headers too so that Xibo knows the true IP address of the connections it receives via your proxy.

My problem is solved, but it would be nice to know what’s going on for other users.

Apache sets X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server by default I believe. I used a config straight out of the guide: https://xibo.org.uk/manual-tempel/en/install_docker_linux.html so perhaps that should be updated to include X-Forwarded-Proto ?

Also given that I can run Apache on any port (not just 443 and 80) so why is Xibo using port 80 I would think it would use the CMS address I provided in the Player Setup? (https://HOST/)

The Player will have been connecting to the address you specified, however, the CMS then tells the Player where it can download resources from, and it constructs that URL based on the host header and protocol.

As far as the container is concerned, it’s running on http://ip.address:80. You’re then using Docker to map that port 80 through to port 8080, so the CMS knows nothing about that (or that it’s using HTTPS) from there.

I agree that stanza in the manual should be updated to pass through the X-Forwarded-Proto header. I’ll log a bug so that gets done.