Hello everyone, I hope you’re all doing great.
I’m having an issue when upgrading the Tizen player from R202 to R203 and I was wondering if some of you faced the same issue or have an idea on how to solve it.
Here’s what happens:
While Xibo is running on the player, I change its profile settings to R203 in the CMS. After a few minutes, I get a connection loading and then a URL launcher error : “Can’t download the web app. Try again” (the error is in French for me so it might not be exactly that in English). It loops for approximately 5 minutes: Connection loading → URL launcher error → Connection loading → …
And after a few minutes the display shows again my default layout. The player still has the code version 202 (seen in the status page).
If I go to the URL Launcher settings menu, I can see that the CMS address has been automatically changed from https://xxx.fr to http://xxx.fr/playersoftware/yyy where yyy are multiple random numbers and letters (eg: ac397daa8f).
With the help of the helpdesk, we have identified a way to successfully upgrade the player: I have to manually change the URL from http://xxx.fr/playersoftware/yyy to https://xxx.fr/playersoftware/yyy although “Force HTTPS” in the profile settings is set to “true”.
I’m clearly running out of ideas, so all advices are welcome
Hi JeremyM, thanks for posting this on the community.
I’ve been discussing this with my colleagues and the issue could in fact be related to a misconfigured reverse proxy. If your CMS is indeed behind a reverse proxy it needs a header to be added to each request by the proxy so it knows if the request was made over http or https. If it’s missing, it will assume it was made over http, and so any URLs it sends out will start http.
X-Forwarded-Proto: https X-Forwarded-For: <IP where the connection comes from> You may find this is is added automatically, depending on the server you are using.
It should be setting those to headers on each request that goes from the reverse proxy to the CMS. The first one should only be on https connections. On a http connection it should set it to http or removed from the request if it’s present. What it mustn’t do is pass that header through from the client - it should always clear it and set it or clear it in both cases.
If you are using an Apache reverse proxy, you can see in this guide how those headers are being set:
Hello, thanks a lot for this comprehensive answer.
I’m indeed using a reverse proxy (Apache if I remember well).
I will take a closer look to your answer early next week and tell you if this solves my issue.
If my reverse proxy is indeed misconfigured, it is surprising it has worked until now with the R202 players :o
But your answer makes total sense so I hope it’s the cause of my issue
Thanks for the reply, I’ll keep an eye out for an update on this post, hopefully this resolves the issue. If I don’t hear from you before, I hope you have a good weekend.
Hello, good news !
Adding this line seems to solve the problem:
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
I have only tried it on my “test” display but I have good hope it will work on my active displays as well.
I just have a remark to make about this guide as you’re mentionning it: Xibo CMS with Docker on Ubuntu 18.04 | Xibo Open Source Digital Signage (to make it better if there’s indeed an error)
I was planning to use it when I first tried to setup my Xibo CMS. But I ran into a couple issues.
First one (which is quite specfic) is that I wanted to use my own cert. If somebody is having trouble doing that, this thread helped me a lot: Xibo 1.8.1 config to force https with own cert
Second one which is my main point is that in the given config (the one you’ve screenshoted in your previous message), they only edit the <VirtualHost *:80>. I’m clealy not an expert so it’s maybe not an error but I don’t see how it could work without having the <VirtualHost *:443> configured.
I also have a question about “Automating CMS Credentials for the Tizen player” in R203 but I don’t know if I should ask it here or ask the helpdesk as I don’t want to go too far from the main subject here.
Thank you for the update, that truly is great news! Glad you were able to resolve the issue.
Thank you also for the feedback on the guide, I will forward this to the relevant department.
An issue has been discovered with the automated credentials functionality on R203, a fix is currently being tested for a future release. In the meantime I would recommend manually entering the credentials for your CMS when installing the player onto your Samsung displays.