Last modified: 2014-10-01 13:43:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T66627, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 64627 - lighttpd redirects URLs of directories without a trailing slash from https to http
lighttpd redirects URLs of directories without a trailing slash from https to...
Status: NEW
Product: Wikimedia Labs
Classification: Unclassified
tools (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Marc A. Pelletier
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-04-29 22:09 UTC by Tim Landscheidt
Modified: 2014-10-01 13:43 UTC (History)
13 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tim Landscheidt 2014-04-29 22:09:46 UTC 
+++ This bug was initially created as a clone of Bug #59926 +++

lighttpd redirects URLs of directories without a trailing slash from https to http, i. e.:

| [tim@passepartout ~]$ curl -I https://tools.wmflabs.org/matthewrbowker/cnrd
| HTTP/1.1 301 Moved Permanently
| Server: nginx/1.5.0
| Date: Tue, 29 Apr 2014 22:07:20 GMT
| Connection: keep-alive
| Location: http://tools.wmflabs.org/matthewrbowker/cnrd/

| [tim@passepartout ~]$

So we'll need to teach lighttpd about https (or rewrite redirects in nginx?).  From bug #59926, comment #8:

> [...]               The proxy provides an X-FORWARDED-PROTO header which can
> be used by the application to construct URIs if it really must redirect
> between protocols.
Comment 1 Liangent 2014-04-30 02:56:45 UTC 
dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ?
Comment 2 Liangent 2014-04-30 03:00:02 UTC 
(In reply to Liangent from comment #1)
> dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ?

seems this bug was accidentially fixed.
Comment 3 Tim Landscheidt 2014-04-30 06:15:04 UTC 
(In reply to Liangent from comment #2)
> > dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ?

> seems this bug was accidentially fixed.

Just to be clear: Now you don't consider /this/ bug #64627 a duplicate of bug #53689, and this bug #64627 is "still" not fixed?
Comment 4 Liangent 2014-04-30 06:17:18 UTC 
(In reply to Tim Landscheidt from comment #3)
> (In reply to Liangent from comment #2)
> > > dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ?
> 
> > seems this bug was accidentially fixed.
> 
> Just to be clear: Now you don't consider /this/ bug #64627 a duplicate of
> bug #53689, and this bug #64627 is "still" not fixed?

right
Comment 5 metatron 2014-05-31 11:57:38 UTC 
If trailing / is missing, proxy adds it but switches then from  https to  http 

Example:
(all but the last entry in top menu have trailing / ) I left the last without it, to have some guinea pig.

1. https://tools.wmflabs.org/xtools/ec/
2. Select menu SC
Comment 6 metatron 2014-05-31 12:02:07 UTC 
And it is webproxy who does this, not lighty. So, the caption of this bz may be misleading.
Comment 7 Tim Landscheidt 2014-05-31 17:32:56 UTC 
(In reply to metatron from comment #6)
> And it is webproxy who does this, not lighty. So, the caption of this bz may
> be misleading.

No, it doesn't.  The webproxy passes the request to lighttpd who then -- if needed -- generates a redirect which will always be to the http server.  That gets passed unchanged to the client.  Isn't that what I already wrote in comment #0?
Comment 8 metatron 2014-05-31 19:54:20 UTC 
Hmm, this need further knowledge on the subject.

1. Lighttpd is configured without ssl engine, and makes rewrite only for tool's root
>> ssl.engine = "disable"
>> alias.url = ( "/$tool" => "$home/public_html/" )

2. the requested url /is/ https and should be served as https. This is indsiputabled the job of webproxy, as lighty doesn't know anything about ssl.

3. the debug output below shows 2 requests, https with and without trauling slash for static index.html in /newwebtest/test  folder - they are both identical (as expected on lighty's side)



A. lighttp request handling , debug /without/ slash
## https://tools.wmflabs.org/newwebtest/test

2014-05-31 19:37:21: (response.c.300) -- splitting Request-URI 
2014-05-31 19:37:21: (response.c.301) Request-URI  :  /newwebtest/test/ 
2014-05-31 19:37:21: (response.c.302) URI-scheme   :  http 
2014-05-31 19:37:21: (response.c.303) URI-authority:  tools.wmflabs.org 
2014-05-31 19:37:21: (response.c.304) URI-path     :  /newwebtest/test/ 
2014-05-31 19:37:21: (response.c.305) URI-query    :   
2014-05-31 19:37:21: (response.c.349) -- sanatising URI 
2014-05-31 19:37:21: (response.c.350) URI-path     :  /newwebtest/test/ 
2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called 
2014-05-31 19:37:21: (response.c.470) -- before doc_root 
2014-05-31 19:37:21: (response.c.471) Doc-Root     : /data/project/newwebtest/public_html 
2014-05-31 19:37:21: (response.c.472) Rel-Path     : /newwebtest/test/ 
2014-05-31 19:37:21: (response.c.473) Path         :  
2014-05-31 19:37:21: (response.c.521) -- after doc_root 
2014-05-31 19:37:21: (response.c.522) Doc-Root     : /data/project/newwebtest/public_html 
2014-05-31 19:37:21: (response.c.523) Rel-Path     : /newwebtest/test/ 
2014-05-31 19:37:21: (response.c.524) Path         : /data/project/newwebtest/public_html/newwebtest/test/ 
2014-05-31 19:37:21: (response.c.541) -- logical -> physical 
2014-05-31 19:37:21: (response.c.542) Doc-Root     : /data/project/newwebtest/public_html 
2014-05-31 19:37:21: (response.c.543) Rel-Path     : /newwebtest/test/ 
2014-05-31 19:37:21: (response.c.544) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:37:21: (response.c.561) -- handling physical path 
2014-05-31 19:37:21: (response.c.562) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:37:21: (response.c.569) -- file found 
2014-05-31 19:37:21: (response.c.570) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:37:21: (response.c.719) -- handling subrequest 
2014-05-31 19:37:21: (response.c.720) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:37:21: (mod_indexfile.c.150) -- handling the request as Indexfile 
2014-05-31 19:37:21: (mod_indexfile.c.151) URI          : /newwebtest/test/ 
2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called 
2014-05-31 19:37:21: (mod_compress.c.683) -- handling file as static file 
2014-05-31 19:37:21: (mod_staticfile.c.397) -- handling file as static file 
2014-05-31 19:37:21: (response.c.731) -- subrequest finished 


B. lighttp request handling , debug /with/ slash
## https://tools.wmflabs.org/newwebtest/test/

2014-05-31 19:40:57: (response.c.300) -- splitting Request-URI 
2014-05-31 19:40:57: (response.c.301) Request-URI  :  /newwebtest/test/ 
2014-05-31 19:40:57: (response.c.302) URI-scheme   :  http 
2014-05-31 19:40:57: (response.c.303) URI-authority:  tools.wmflabs.org 
2014-05-31 19:40:57: (response.c.304) URI-path     :  /newwebtest/test/ 
2014-05-31 19:40:57: (response.c.305) URI-query    :   
2014-05-31 19:40:57: (response.c.349) -- sanatising URI 
2014-05-31 19:40:57: (response.c.350) URI-path     :  /newwebtest/test/ 
2014-05-31 19:40:57: (mod_access.c.135) -- mod_access_uri_handler called 
2014-05-31 19:40:57: (response.c.470) -- before doc_root 
2014-05-31 19:40:57: (response.c.471) Doc-Root     : /data/project/newwebtest/public_html 
2014-05-31 19:40:57: (response.c.472) Rel-Path     : /newwebtest/test/ 
2014-05-31 19:40:57: (response.c.473) Path         :  
2014-05-31 19:40:57: (response.c.521) -- after doc_root 
2014-05-31 19:40:57: (response.c.522) Doc-Root     : /data/project/newwebtest/public_html 
2014-05-31 19:40:57: (response.c.523) Rel-Path     : /newwebtest/test/ 
2014-05-31 19:40:57: (response.c.524) Path         : /data/project/newwebtest/public_html/newwebtest/test/ 
2014-05-31 19:40:57: (response.c.541) -- logical -> physical 
2014-05-31 19:40:57: (response.c.542) Doc-Root     : /data/project/newwebtest/public_html 
2014-05-31 19:40:57: (response.c.543) Rel-Path     : /newwebtest/test/ 
2014-05-31 19:40:57: (response.c.544) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:40:57: (response.c.561) -- handling physical path 
2014-05-31 19:40:57: (response.c.562) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:40:57: (response.c.569) -- file found 
2014-05-31 19:40:57: (response.c.570) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:40:57: (response.c.719) -- handling subrequest 
2014-05-31 19:40:57: (response.c.720) Path         : /data/project/newwebtest/public_html//test/ 
2014-05-31 19:40:57: (mod_indexfile.c.150) -- handling the request as Indexfile 
2014-05-31 19:40:57: (mod_indexfile.c.151) URI          : /newwebtest/test/ 
2014-05-31 19:40:57: (mod_access.c.135) -- mod_access_uri_handler called 
2014-05-31 19:40:57: (mod_compress.c.683) -- handling file as static file 
2014-05-31 19:40:57: (mod_staticfile.c.397) -- handling file as static file 
2014-05-31 19:40:57: (response.c.731) -- subrequest finished
Comment 9 Tim Landscheidt 2014-06-02 03:07:24 UTC 
(In reply to metatron from comment #8)
> Hmm, this need further knowledge on the subject.

> 1. Lighttpd is configured without ssl engine, and makes rewrite only for
> tool's root
> >> ssl.engine = "disable"
> >> alias.url = ( "/$tool" => "$home/public_html/" )
> [...]

No, it does not rewrite only tools' roots:

| scfc@tools-login:~$ curl -H 'Host: tools.wmflabs.org' -I http://tools-webgrid-02:4113/drtrigonbot/docs
| HTTP/1.1 301 Moved Permanently
| Location: http://tools.wmflabs.org/drtrigonbot/docs/
| Date: Mon, 02 Jun 2014 02:52:20 GMT
| Server: lighttpd/1.4.28

| scfc@tools-login:~$

As I have written a month ago.  And reiterated the day before yesterday.

> A. lighttp request handling , debug /without/ slash
> ## https://tools.wmflabs.org/newwebtest/test

> 2014-05-31 19:37:21: (response.c.300) -- splitting Request-URI 
> 2014-05-31 19:37:21: (response.c.301) Request-URI  :  /newwebtest/test/ 
> 2014-05-31 19:37:21: (response.c.302) URI-scheme   :  http 
> 2014-05-31 19:37:21: (response.c.303) URI-authority:  tools.wmflabs.org 
> 2014-05-31 19:37:21: (response.c.304) URI-path     :  /newwebtest/test/ 
> 2014-05-31 19:37:21: (response.c.305) URI-query    :   
> 2014-05-31 19:37:21: (response.c.349) -- sanatising URI 
> 2014-05-31 19:37:21: (response.c.350) URI-path     :  /newwebtest/test/ 
> 2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called 
> 2014-05-31 19:37:21: (response.c.470) -- before doc_root 
> 2014-05-31 19:37:21: (response.c.471) Doc-Root     :
> /data/project/newwebtest/public_html 
> 2014-05-31 19:37:21: (response.c.472) Rel-Path     : /newwebtest/test/ 
> 2014-05-31 19:37:21: (response.c.473) Path         :  
> 2014-05-31 19:37:21: (response.c.521) -- after doc_root 
> 2014-05-31 19:37:21: (response.c.522) Doc-Root     :
> /data/project/newwebtest/public_html 
> 2014-05-31 19:37:21: (response.c.523) Rel-Path     : /newwebtest/test/ 
> 2014-05-31 19:37:21: (response.c.524) Path         :
> /data/project/newwebtest/public_html/newwebtest/test/ 
> 2014-05-31 19:37:21: (response.c.541) -- logical -> physical 
> 2014-05-31 19:37:21: (response.c.542) Doc-Root     :
> /data/project/newwebtest/public_html 
> 2014-05-31 19:37:21: (response.c.543) Rel-Path     : /newwebtest/test/ 
> 2014-05-31 19:37:21: (response.c.544) Path         :
> /data/project/newwebtest/public_html//test/ 
> 2014-05-31 19:37:21: (response.c.561) -- handling physical path 
> 2014-05-31 19:37:21: (response.c.562) Path         :
> /data/project/newwebtest/public_html//test/ 
> 2014-05-31 19:37:21: (response.c.569) -- file found 
> 2014-05-31 19:37:21: (response.c.570) Path         :
> /data/project/newwebtest/public_html//test/ 
> 2014-05-31 19:37:21: (response.c.719) -- handling subrequest 
> 2014-05-31 19:37:21: (response.c.720) Path         :
> /data/project/newwebtest/public_html//test/ 
> 2014-05-31 19:37:21: (mod_indexfile.c.150) -- handling the request as
> Indexfile 
> 2014-05-31 19:37:21: (mod_indexfile.c.151) URI          : /newwebtest/test/ 
> 2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called 
> 2014-05-31 19:37:21: (mod_compress.c.683) -- handling file as static file 
> 2014-05-31 19:37:21: (mod_staticfile.c.397) -- handling file as static file 
> 2014-05-31 19:37:21: (response.c.731) -- subrequest finished 

> [...]

And this is just a lie.  The request log for https://tools.wmflabs.org/newwebtest/test looks like:

| 2014-06-02 03:00:13: (response.c.300) -- splitting Request-URI 
| 2014-06-02 03:00:13: (response.c.301) Request-URI  :  /newwebtest/test 
| 2014-06-02 03:00:13: (response.c.302) URI-scheme   :  http 
| 2014-06-02 03:00:13: (response.c.303) URI-authority:  tools.wmflabs.org 
| 2014-06-02 03:00:13: (response.c.304) URI-path     :  /newwebtest/test 
| 2014-06-02 03:00:13: (response.c.305) URI-query    :   
| 2014-06-02 03:00:13: (response.c.349) -- sanatising URI 
| 2014-06-02 03:00:13: (response.c.350) URI-path     :  /newwebtest/test 
| 2014-06-02 03:00:13: (mod_access.c.135) -- mod_access_uri_handler called 
| 2014-06-02 03:00:13: (response.c.470) -- before doc_root 
| 2014-06-02 03:00:13: (response.c.471) Doc-Root     : /data/project/newwebtest/public_html 
| 2014-06-02 03:00:13: (response.c.472) Rel-Path     : /newwebtest/test 
| 2014-06-02 03:00:13: (response.c.473) Path         :  
| 2014-06-02 03:00:13: (response.c.521) -- after doc_root 
| 2014-06-02 03:00:13: (response.c.522) Doc-Root     : /data/project/newwebtest/public_html 
| 2014-06-02 03:00:13: (response.c.523) Rel-Path     : /newwebtest/test 
| 2014-06-02 03:00:13: (response.c.524) Path         : /data/project/newwebtest/public_html/newwebtest/test 
| 2014-06-02 03:00:13: (response.c.541) -- logical -> physical 
| 2014-06-02 03:00:13: (response.c.542) Doc-Root     : /data/project/newwebtest/public_html 
| 2014-06-02 03:00:13: (response.c.543) Rel-Path     : /newwebtest/test 
| 2014-06-02 03:00:13: (response.c.544) Path         : /data/project/newwebtest/public_html//test 
| 2014-06-02 03:00:13: (response.c.561) -- handling physical path 
| 2014-06-02 03:00:13: (response.c.562) Path         : /data/project/newwebtest/public_html//test 
| 2014-06-02 03:00:13: (response.c.569) -- file found 
| 2014-06-02 03:00:13: (response.c.570) Path         : /data/project/newwebtest/public_html//test 
| 2014-06-02 03:00:13: (response.c.300) -- splitting Request-URI 
| 2014-06-02 03:00:13: (response.c.301) Request-URI  :  /newwebtest/test/ 
| 2014-06-02 03:00:13: (response.c.302) URI-scheme   :  http 
| 2014-06-02 03:00:13: (response.c.303) URI-authority:  tools.wmflabs.org 
| 2014-06-02 03:00:13: (response.c.304) URI-path     :  /newwebtest/test/ 
| 2014-06-02 03:00:13: (response.c.305) URI-query    :   
| 2014-06-02 03:00:13: (response.c.349) -- sanatising URI 
| 2014-06-02 03:00:13: (response.c.350) URI-path     :  /newwebtest/test/ 
| 2014-06-02 03:00:13: (mod_access.c.135) -- mod_access_uri_handler called 
| 2014-06-02 03:00:13: (response.c.470) -- before doc_root 
| 2014-06-02 03:00:13: (response.c.471) Doc-Root     : /data/project/newwebtest/public_html 
| 2014-06-02 03:00:13: (response.c.472) Rel-Path     : /newwebtest/test/ 
| 2014-06-02 03:00:13: (response.c.473) Path         :  
| 2014-06-02 03:00:13: (response.c.521) -- after doc_root 
| 2014-06-02 03:00:13: (response.c.522) Doc-Root     : /data/project/newwebtest/public_html 
| 2014-06-02 03:00:13: (response.c.523) Rel-Path     : /newwebtest/test/ 
| 2014-06-02 03:00:13: (response.c.524) Path         : /data/project/newwebtest/public_html/newwebtest/test/ 
| 2014-06-02 03:00:13: (response.c.541) -- logical -> physical 
| 2014-06-02 03:00:13: (response.c.542) Doc-Root     : /data/project/newwebtest/public_html 
| 2014-06-02 03:00:13: (response.c.543) Rel-Path     : /newwebtest/test/ 
| 2014-06-02 03:00:13: (response.c.544) Path         : /data/project/newwebtest/public_html//test/ 
| 2014-06-02 03:00:13: (response.c.561) -- handling physical path 
| 2014-06-02 03:00:13: (response.c.562) Path         : /data/project/newwebtest/public_html//test/ 
| 2014-06-02 03:00:13: (response.c.569) -- file found 
| 2014-06-02 03:00:13: (response.c.570) Path         : /data/project/newwebtest/public_html//test/ 
| 2014-06-02 03:00:13: (response.c.719) -- handling subrequest 
| 2014-06-02 03:00:13: (response.c.720) Path         : /data/project/newwebtest/public_html//test/ 
| 2014-06-02 03:00:13: (mod_indexfile.c.150) -- handling the request as Indexfile 
| 2014-06-02 03:00:13: (mod_indexfile.c.151) URI          : /newwebtest/test/ 
| 2014-06-02 03:00:13: (mod_access.c.135) -- mod_access_uri_handler called 
| 2014-06-02 03:00:13: (mod_compress.c.683) -- handling file as static file 
| 2014-06-02 03:00:13: (mod_staticfile.c.397) -- handling file as static file 
| 2014-06-02 03:00:13: (response.c.731) -- subrequest finished 

That clearly shows that there is an initial request that causes a redirect (by lighttpd) to be returned to the browser followed by another request with the correct URL.
Comment 10 Tim Landscheidt 2014-06-22 13:39:17 UTC 
I haven't receive any answer to http://serverfault.com/questions/602386/how-to-make-lighttpd-respect-x-forwarded-proto-when-constructing-redirects-for-d in the past two weeks; I have posted on the lighttpd support forum now as well at http://redmine.lighttpd.net/boards/2/topics/6028.

Solving this in nginx looks doable, but I'd prefer if we can fix it in lighttpd.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links