-
Notifications
You must be signed in to change notification settings - Fork 419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Web Interface Login button/POST "http" while all other links "https" #293
Comments
@bushong1 If you look at the proxy base URL what is it set to. Maybe you need to define the following env variables https://github.com/kartoza/docker-geoserver#proxy-base-url |
@NyakudyaA thanks for the suggestion, but i've had no luck. For testing purposes i set:
With the expectation that the form submission link would be generated with the url: Popping open browser inspect: For most links that are improperly generated, it's not a big deal because we have a 301 redirect from 80->443, but POSTs don't honor redirects by design. Any other ideas? |
Maybe you need to set the https proxy env. Do you have an example of a docker-compose you using or helm chart |
I'm facing same issue using 2.19.2. I tried to include protocol at Setting |
Can you please share a docker-compose to replicate |
When using 2.18.2 is working fine, generating a valid URL for login POST request (with https protocol). Now I'm able to login again, with 2.19.2 the mixed http/https content was breaking it. I have no easy to use docker-compose example, because it needs Traefik reverse-proxy and I'm using a clustered environment, but these are the used environment variables for primary instance:
|
Using the new feature for getting config files from
Tried using Got the idea from: https://stackoverflow.com/questions/68783126/issue-with-geoserver-login-with-ssl |
Got it working using:
at |
I have just tested this with the following command
Everything works as expected and in a combination with manually setting the proxy_base URL in web.xml and mounting it, I think this is sufficient enough to close this issue @bushong1 cc @pedroetb |
Ok, but I prefer not enabling SSL at geoserver side (not needed for my use case). Using the web.xml setting is enough for me. Thanks! |
@NyakudyaA I also prefer not enabling SSL at the Geoserver side. I'll give the web.xml part a shot. |
geoserver 2.19.2+ needs PROXY_BASE_URL set properly or authentication from the web UI always fails (kartoza/docker-geoserver#293) add geoserver settings directory and volume mount to docker-compose EXISTING_DATA_DIR must be false to initialize geoserver username / passwords
This is simply fixed by adding the env variables if you are terminating SSL
|
Thank you very much for your contributions, in my case I solved it this way:
|
…on isn't entirely correct and forces all requests to `https`. This can cause the local healthcheck to fail. This fix is for hosting Geoserver behind an SSL layer e.g. AWS Load Balancer or Cloudfront. It will allow it to be accessed via http OR https. 1. nginx.conf: the proxy headers are passed by the Nginx reverse proxy 2. server.xml: a fix for tomcat to accept the proxy scheme (e.g. https) using RemoteIpValve *There may be a better way to write the xml insertion..
…t entirely correct (#525) * Fix output to file directions * Stop overwriting gwc-gs.xml every time * Fixes #293 - although this is marked as resolved, the resolution isn't entirely correct and forces all requests to `https`. This can cause the local healthcheck to fail. This fix is for hosting Geoserver behind an SSL layer e.g. AWS Load Balancer or Cloudfront. It will allow it to be accessed via http OR https. 1. nginx.conf: the proxy headers are passed by the Nginx reverse proxy 2. server.xml: a fix for tomcat to accept the proxy scheme (e.g. https) using RemoteIpValve
After commit c7dd64d (using ...
traefik.http.middlewares.add-proxy-protocol-header.headers.customrequestheaders.x-forwarded-proto: https
traefik.http.routers.geoserver-master-admin.middlewares: add-proxy-protocol-header
... |
Maybe you could propose a PR, where you can add an env variable like
|
In this case, I think it's not possible, because these settings are for an external service, not used by GeoServer (for Traefik autodiscovery of Docker Swarm services). |
Better to add it in the README so that it doesn't get lost in the comment here |
Whenever I try to login to my geoserver with a browser, it is failing to connect. I believe i've tracked it down to the fact that the login url is being presented to the client as HTTP, which is strange because all other URLs on the site are HTTPS as i expect, but not Login.
My system is setup behind a Load Balancer which handles certs/TLS termination, and then proxies requests to the docker container. There's no expectation that the docker container will get an HTTPS request, or that letsencrypt will run or anything. This seems to be fine for all web interface links except Login.
Is there an environment variable I can configure to tell the Login button to use
https://
without requiring the whole container to have self-managed certs? Is this a bug with geoserver?The text was updated successfully, but these errors were encountered: