Last modified: 2014-10-01 13:43:33 UTC
+++ This bug was initially created as a clone of Bug #59926 +++ lighttpd redirects URLs of directories without a trailing slash from https to http, i. e.: | [tim@passepartout ~]$ curl -I https://tools.wmflabs.org/matthewrbowker/cnrd | HTTP/1.1 301 Moved Permanently | Server: nginx/1.5.0 | Date: Tue, 29 Apr 2014 22:07:20 GMT | Connection: keep-alive | Location: http://tools.wmflabs.org/matthewrbowker/cnrd/ | [tim@passepartout ~]$ So we'll need to teach lighttpd about https (or rewrite redirects in nginx?). From bug #59926, comment #8: > [...] The proxy provides an X-FORWARDED-PROTO header which can > be used by the application to construct URIs if it really must redirect > between protocols.
dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ?
(In reply to Liangent from comment #1) > dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ? seems this bug was accidentially fixed.
(In reply to Liangent from comment #2) > > dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ? > seems this bug was accidentially fixed. Just to be clear: Now you don't consider /this/ bug #64627 a duplicate of bug #53689, and this bug #64627 is "still" not fixed?
(In reply to Tim Landscheidt from comment #3) > (In reply to Liangent from comment #2) > > > dupe of https://bugzilla.wikimedia.org/show_bug.cgi?id=53689 ? > > > seems this bug was accidentially fixed. > > Just to be clear: Now you don't consider /this/ bug #64627 a duplicate of > bug #53689, and this bug #64627 is "still" not fixed? right
If trailing / is missing, proxy adds it but switches then from https to http Example: (all but the last entry in top menu have trailing / ) I left the last without it, to have some guinea pig. 1. https://tools.wmflabs.org/xtools/ec/ 2. Select menu SC
And it is webproxy who does this, not lighty. So, the caption of this bz may be misleading.
(In reply to metatron from comment #6) > And it is webproxy who does this, not lighty. So, the caption of this bz may > be misleading. No, it doesn't. The webproxy passes the request to lighttpd who then -- if needed -- generates a redirect which will always be to the http server. That gets passed unchanged to the client. Isn't that what I already wrote in comment #0?
Hmm, this need further knowledge on the subject. 1. Lighttpd is configured without ssl engine, and makes rewrite only for tool's root >> ssl.engine = "disable" >> alias.url = ( "/$tool" => "$home/public_html/" ) 2. the requested url /is/ https and should be served as https. This is indsiputabled the job of webproxy, as lighty doesn't know anything about ssl. 3. the debug output below shows 2 requests, https with and without trauling slash for static index.html in /newwebtest/test folder - they are both identical (as expected on lighty's side) A. lighttp request handling , debug /without/ slash ## https://tools.wmflabs.org/newwebtest/test 2014-05-31 19:37:21: (response.c.300) -- splitting Request-URI 2014-05-31 19:37:21: (response.c.301) Request-URI : /newwebtest/test/ 2014-05-31 19:37:21: (response.c.302) URI-scheme : http 2014-05-31 19:37:21: (response.c.303) URI-authority: tools.wmflabs.org 2014-05-31 19:37:21: (response.c.304) URI-path : /newwebtest/test/ 2014-05-31 19:37:21: (response.c.305) URI-query : 2014-05-31 19:37:21: (response.c.349) -- sanatising URI 2014-05-31 19:37:21: (response.c.350) URI-path : /newwebtest/test/ 2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called 2014-05-31 19:37:21: (response.c.470) -- before doc_root 2014-05-31 19:37:21: (response.c.471) Doc-Root : /data/project/newwebtest/public_html 2014-05-31 19:37:21: (response.c.472) Rel-Path : /newwebtest/test/ 2014-05-31 19:37:21: (response.c.473) Path : 2014-05-31 19:37:21: (response.c.521) -- after doc_root 2014-05-31 19:37:21: (response.c.522) Doc-Root : /data/project/newwebtest/public_html 2014-05-31 19:37:21: (response.c.523) Rel-Path : /newwebtest/test/ 2014-05-31 19:37:21: (response.c.524) Path : /data/project/newwebtest/public_html/newwebtest/test/ 2014-05-31 19:37:21: (response.c.541) -- logical -> physical 2014-05-31 19:37:21: (response.c.542) Doc-Root : /data/project/newwebtest/public_html 2014-05-31 19:37:21: (response.c.543) Rel-Path : /newwebtest/test/ 2014-05-31 19:37:21: (response.c.544) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:37:21: (response.c.561) -- handling physical path 2014-05-31 19:37:21: (response.c.562) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:37:21: (response.c.569) -- file found 2014-05-31 19:37:21: (response.c.570) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:37:21: (response.c.719) -- handling subrequest 2014-05-31 19:37:21: (response.c.720) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:37:21: (mod_indexfile.c.150) -- handling the request as Indexfile 2014-05-31 19:37:21: (mod_indexfile.c.151) URI : /newwebtest/test/ 2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called 2014-05-31 19:37:21: (mod_compress.c.683) -- handling file as static file 2014-05-31 19:37:21: (mod_staticfile.c.397) -- handling file as static file 2014-05-31 19:37:21: (response.c.731) -- subrequest finished B. lighttp request handling , debug /with/ slash ## https://tools.wmflabs.org/newwebtest/test/ 2014-05-31 19:40:57: (response.c.300) -- splitting Request-URI 2014-05-31 19:40:57: (response.c.301) Request-URI : /newwebtest/test/ 2014-05-31 19:40:57: (response.c.302) URI-scheme : http 2014-05-31 19:40:57: (response.c.303) URI-authority: tools.wmflabs.org 2014-05-31 19:40:57: (response.c.304) URI-path : /newwebtest/test/ 2014-05-31 19:40:57: (response.c.305) URI-query : 2014-05-31 19:40:57: (response.c.349) -- sanatising URI 2014-05-31 19:40:57: (response.c.350) URI-path : /newwebtest/test/ 2014-05-31 19:40:57: (mod_access.c.135) -- mod_access_uri_handler called 2014-05-31 19:40:57: (response.c.470) -- before doc_root 2014-05-31 19:40:57: (response.c.471) Doc-Root : /data/project/newwebtest/public_html 2014-05-31 19:40:57: (response.c.472) Rel-Path : /newwebtest/test/ 2014-05-31 19:40:57: (response.c.473) Path : 2014-05-31 19:40:57: (response.c.521) -- after doc_root 2014-05-31 19:40:57: (response.c.522) Doc-Root : /data/project/newwebtest/public_html 2014-05-31 19:40:57: (response.c.523) Rel-Path : /newwebtest/test/ 2014-05-31 19:40:57: (response.c.524) Path : /data/project/newwebtest/public_html/newwebtest/test/ 2014-05-31 19:40:57: (response.c.541) -- logical -> physical 2014-05-31 19:40:57: (response.c.542) Doc-Root : /data/project/newwebtest/public_html 2014-05-31 19:40:57: (response.c.543) Rel-Path : /newwebtest/test/ 2014-05-31 19:40:57: (response.c.544) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:40:57: (response.c.561) -- handling physical path 2014-05-31 19:40:57: (response.c.562) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:40:57: (response.c.569) -- file found 2014-05-31 19:40:57: (response.c.570) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:40:57: (response.c.719) -- handling subrequest 2014-05-31 19:40:57: (response.c.720) Path : /data/project/newwebtest/public_html//test/ 2014-05-31 19:40:57: (mod_indexfile.c.150) -- handling the request as Indexfile 2014-05-31 19:40:57: (mod_indexfile.c.151) URI : /newwebtest/test/ 2014-05-31 19:40:57: (mod_access.c.135) -- mod_access_uri_handler called 2014-05-31 19:40:57: (mod_compress.c.683) -- handling file as static file 2014-05-31 19:40:57: (mod_staticfile.c.397) -- handling file as static file 2014-05-31 19:40:57: (response.c.731) -- subrequest finished
(In reply to metatron from comment #8) > Hmm, this need further knowledge on the subject. > 1. Lighttpd is configured without ssl engine, and makes rewrite only for > tool's root > >> ssl.engine = "disable" > >> alias.url = ( "/$tool" => "$home/public_html/" ) > [...] No, it does not rewrite only tools' roots: | scfc@tools-login:~$ curl -H 'Host: tools.wmflabs.org' -I http://tools-webgrid-02:4113/drtrigonbot/docs | HTTP/1.1 301 Moved Permanently | Location: http://tools.wmflabs.org/drtrigonbot/docs/ | Date: Mon, 02 Jun 2014 02:52:20 GMT | Server: lighttpd/1.4.28 | scfc@tools-login:~$ As I have written a month ago. And reiterated the day before yesterday. > A. lighttp request handling , debug /without/ slash > ## https://tools.wmflabs.org/newwebtest/test > 2014-05-31 19:37:21: (response.c.300) -- splitting Request-URI > 2014-05-31 19:37:21: (response.c.301) Request-URI : /newwebtest/test/ > 2014-05-31 19:37:21: (response.c.302) URI-scheme : http > 2014-05-31 19:37:21: (response.c.303) URI-authority: tools.wmflabs.org > 2014-05-31 19:37:21: (response.c.304) URI-path : /newwebtest/test/ > 2014-05-31 19:37:21: (response.c.305) URI-query : > 2014-05-31 19:37:21: (response.c.349) -- sanatising URI > 2014-05-31 19:37:21: (response.c.350) URI-path : /newwebtest/test/ > 2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called > 2014-05-31 19:37:21: (response.c.470) -- before doc_root > 2014-05-31 19:37:21: (response.c.471) Doc-Root : > /data/project/newwebtest/public_html > 2014-05-31 19:37:21: (response.c.472) Rel-Path : /newwebtest/test/ > 2014-05-31 19:37:21: (response.c.473) Path : > 2014-05-31 19:37:21: (response.c.521) -- after doc_root > 2014-05-31 19:37:21: (response.c.522) Doc-Root : > /data/project/newwebtest/public_html > 2014-05-31 19:37:21: (response.c.523) Rel-Path : /newwebtest/test/ > 2014-05-31 19:37:21: (response.c.524) Path : > /data/project/newwebtest/public_html/newwebtest/test/ > 2014-05-31 19:37:21: (response.c.541) -- logical -> physical > 2014-05-31 19:37:21: (response.c.542) Doc-Root : > /data/project/newwebtest/public_html > 2014-05-31 19:37:21: (response.c.543) Rel-Path : /newwebtest/test/ > 2014-05-31 19:37:21: (response.c.544) Path : > /data/project/newwebtest/public_html//test/ > 2014-05-31 19:37:21: (response.c.561) -- handling physical path > 2014-05-31 19:37:21: (response.c.562) Path : > /data/project/newwebtest/public_html//test/ > 2014-05-31 19:37:21: (response.c.569) -- file found > 2014-05-31 19:37:21: (response.c.570) Path : > /data/project/newwebtest/public_html//test/ > 2014-05-31 19:37:21: (response.c.719) -- handling subrequest > 2014-05-31 19:37:21: (response.c.720) Path : > /data/project/newwebtest/public_html//test/ > 2014-05-31 19:37:21: (mod_indexfile.c.150) -- handling the request as > Indexfile > 2014-05-31 19:37:21: (mod_indexfile.c.151) URI : /newwebtest/test/ > 2014-05-31 19:37:21: (mod_access.c.135) -- mod_access_uri_handler called > 2014-05-31 19:37:21: (mod_compress.c.683) -- handling file as static file > 2014-05-31 19:37:21: (mod_staticfile.c.397) -- handling file as static file > 2014-05-31 19:37:21: (response.c.731) -- subrequest finished > [...] And this is just a lie. The request log for https://tools.wmflabs.org/newwebtest/test looks like: | 2014-06-02 03:00:13: (response.c.300) -- splitting Request-URI | 2014-06-02 03:00:13: (response.c.301) Request-URI : /newwebtest/test | 2014-06-02 03:00:13: (response.c.302) URI-scheme : http | 2014-06-02 03:00:13: (response.c.303) URI-authority: tools.wmflabs.org | 2014-06-02 03:00:13: (response.c.304) URI-path : /newwebtest/test | 2014-06-02 03:00:13: (response.c.305) URI-query : | 2014-06-02 03:00:13: (response.c.349) -- sanatising URI | 2014-06-02 03:00:13: (response.c.350) URI-path : /newwebtest/test | 2014-06-02 03:00:13: (mod_access.c.135) -- mod_access_uri_handler called | 2014-06-02 03:00:13: (response.c.470) -- before doc_root | 2014-06-02 03:00:13: (response.c.471) Doc-Root : /data/project/newwebtest/public_html | 2014-06-02 03:00:13: (response.c.472) Rel-Path : /newwebtest/test | 2014-06-02 03:00:13: (response.c.473) Path : | 2014-06-02 03:00:13: (response.c.521) -- after doc_root | 2014-06-02 03:00:13: (response.c.522) Doc-Root : /data/project/newwebtest/public_html | 2014-06-02 03:00:13: (response.c.523) Rel-Path : /newwebtest/test | 2014-06-02 03:00:13: (response.c.524) Path : /data/project/newwebtest/public_html/newwebtest/test | 2014-06-02 03:00:13: (response.c.541) -- logical -> physical | 2014-06-02 03:00:13: (response.c.542) Doc-Root : /data/project/newwebtest/public_html | 2014-06-02 03:00:13: (response.c.543) Rel-Path : /newwebtest/test | 2014-06-02 03:00:13: (response.c.544) Path : /data/project/newwebtest/public_html//test | 2014-06-02 03:00:13: (response.c.561) -- handling physical path | 2014-06-02 03:00:13: (response.c.562) Path : /data/project/newwebtest/public_html//test | 2014-06-02 03:00:13: (response.c.569) -- file found | 2014-06-02 03:00:13: (response.c.570) Path : /data/project/newwebtest/public_html//test | 2014-06-02 03:00:13: (response.c.300) -- splitting Request-URI | 2014-06-02 03:00:13: (response.c.301) Request-URI : /newwebtest/test/ | 2014-06-02 03:00:13: (response.c.302) URI-scheme : http | 2014-06-02 03:00:13: (response.c.303) URI-authority: tools.wmflabs.org | 2014-06-02 03:00:13: (response.c.304) URI-path : /newwebtest/test/ | 2014-06-02 03:00:13: (response.c.305) URI-query : | 2014-06-02 03:00:13: (response.c.349) -- sanatising URI | 2014-06-02 03:00:13: (response.c.350) URI-path : /newwebtest/test/ | 2014-06-02 03:00:13: (mod_access.c.135) -- mod_access_uri_handler called | 2014-06-02 03:00:13: (response.c.470) -- before doc_root | 2014-06-02 03:00:13: (response.c.471) Doc-Root : /data/project/newwebtest/public_html | 2014-06-02 03:00:13: (response.c.472) Rel-Path : /newwebtest/test/ | 2014-06-02 03:00:13: (response.c.473) Path : | 2014-06-02 03:00:13: (response.c.521) -- after doc_root | 2014-06-02 03:00:13: (response.c.522) Doc-Root : /data/project/newwebtest/public_html | 2014-06-02 03:00:13: (response.c.523) Rel-Path : /newwebtest/test/ | 2014-06-02 03:00:13: (response.c.524) Path : /data/project/newwebtest/public_html/newwebtest/test/ | 2014-06-02 03:00:13: (response.c.541) -- logical -> physical | 2014-06-02 03:00:13: (response.c.542) Doc-Root : /data/project/newwebtest/public_html | 2014-06-02 03:00:13: (response.c.543) Rel-Path : /newwebtest/test/ | 2014-06-02 03:00:13: (response.c.544) Path : /data/project/newwebtest/public_html//test/ | 2014-06-02 03:00:13: (response.c.561) -- handling physical path | 2014-06-02 03:00:13: (response.c.562) Path : /data/project/newwebtest/public_html//test/ | 2014-06-02 03:00:13: (response.c.569) -- file found | 2014-06-02 03:00:13: (response.c.570) Path : /data/project/newwebtest/public_html//test/ | 2014-06-02 03:00:13: (response.c.719) -- handling subrequest | 2014-06-02 03:00:13: (response.c.720) Path : /data/project/newwebtest/public_html//test/ | 2014-06-02 03:00:13: (mod_indexfile.c.150) -- handling the request as Indexfile | 2014-06-02 03:00:13: (mod_indexfile.c.151) URI : /newwebtest/test/ | 2014-06-02 03:00:13: (mod_access.c.135) -- mod_access_uri_handler called | 2014-06-02 03:00:13: (mod_compress.c.683) -- handling file as static file | 2014-06-02 03:00:13: (mod_staticfile.c.397) -- handling file as static file | 2014-06-02 03:00:13: (response.c.731) -- subrequest finished That clearly shows that there is an initial request that causes a redirect (by lighttpd) to be returned to the browser followed by another request with the correct URL.
I haven't receive any answer to http://serverfault.com/questions/602386/how-to-make-lighttpd-respect-x-forwarded-proto-when-constructing-redirects-for-d in the past two weeks; I have posted on the lighttpd support forum now as well at http://redmine.lighttpd.net/boards/2/topics/6028. Solving this in nginx looks doable, but I'd prefer if we can fix it in lighttpd.