Force https = cant reach page

how do i easily solve the issue when you turn on FORCE HTTPS and then you can not login or reach xibo again?..I did reverse proxy on debian 9, nginx and certbot let’s encrypt all working fine with redirect http to https…as soon as i turn on FORCE HTTPS in the xibo settings, everything collapses.

why and how can this be fixed? without having to delete shared folder and starting over again

This setting:

image

Xibo looks at each incoming connection and if it detects that it is using http it redirects to https. If https was working before you enabled it, then you should be fine.

Solution 1 is to make HTTPS work :slight_smile:

Solution 2 is to get a command line to the database and set the setting back again.

UPDATE `setting` SET value = 0 WHERE setting = 'FORCE_HTTPS';

Thanks,
Dan

1 Like

HTTPS works before i enable FORCE HTTPS but then i cant access page…in custom port section 127.0.0.1:8080:80 or change 80 to 443?

It sounds like you need to make sure your reverse proxy is sending the correct HTTP_X_FORWARDED_PROTO headers into the Docker container.

No definitely not - the requests are arriving at the right place, but Xibo in the container doesn’t know that the request originated from HTTPS because the proxy isn’t setting the correct header.

}
server {
listen 443;
server_name mydomain.ca www.mydomain.ca.ca;

location / {
    proxy_pass http://localhost:8080;
    #proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;

    # Enables WS support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_redirect off;
}
ssl_certificate /etc/letsencrypt/live/mydomain.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.ca/privkey.pem; # managed by Certbot

help me hereplease…if there is any error in my config

so i started a fresh install of debain…set up ssl and was able to score A+ on the SSL checker website…using a revers proxy…i got A+ with www and without www, but as soon as i turn on FORCE HTTPS in xibo, site/cms cannot be reached anymore…i have tried every changes to the proxy_pass directive…nothing…I have been trying to find answers to this for the past 4 days and still not getting any where…I can run xibo and not use FORCE HTTPS but i really wanted to understand the error and how to rectify it. I had same issues when i was using xibo 1.7 on a shared hosting…everytime i turned on FORCE HTTP, i had a problem and i had to do something to make it work with FORCE HTTPS on then later, I run into the same issue and i turn of FORCE HTTPS and then xibo starts to work…i forgot what i di…nothing to do with proxy.

who here is able to use xibo with FORCE HTTPS ON using debian 9 or ubuntu?

I also have the same problem but have not received any feedback yet. I’d be interested if anyone else has actually resolved this problem with Xibo.

I was able to get this functional but I literally had to run all of the steps as root. Using sudo did not work following the instructions in this guide:
https://xibo.org.uk/docs/setup/xibo-cms-with-docker-on-ubuntu-18-04

Hopefully this helps other people who get stuck in the same place I did.

When FORCE HTTPS ON is selected in the CMS, on every request we have the PHP code check that the HTTP_SCHEME is in HTTP_X_FORWARDED_PROTO is https and if it is not, we issue a redirect to https.

What is happening for you @aponkye is that your https:// URL does not contain https because the proxy is not setting that correctly.

You could put a really simple test file in /custom/userscripts called test.php containing:

<?php
echo 'Testing HTTPS' . PHP_EOL;
echo 'REMOTE_ADDR: ' . $_SERVER['REMOTE_ADDR'] . PHP_EOL;
echo 'HTTP_X_FORWARDED_PROTO: ' . $_SERVER['HTTP_X_FORWARDED_PROTO'] . PHP_EOL;

You are missing:

proxy_set_header X-Forwarded-Proto $scheme;

Sorry for the delay, if you have moved on then at least this might assist someone else!

1 Like

what can I do without daddy Daniel…so the whole time I excluded proxy_set_header X-Forwarded-Proto $scheme;…i reinstalled xibo cms almost 15 times and each time, I enabled FORCE HTTPS in cms settings and site broke down…shame on me!

2 Likes

Haha, pleased you have it solved! :smiley:

1 Like

You have really saved his life lol, saving this answer myself, it happened to me earlier, bu tI thought it was something I did

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.