Page 1 of 1

Wrong next URL scheme

Posted: Tue Dec 15, 2020 8:01 pm
by walnuss0815
Hello,

I am using Mayan EDMS in Docker behind a NGINX proxy and access it using https. When I am using the API to get the documents the APi returns a "next" URL starting with http. So the result looks like this:

GET https://edms.example.com/api/documents/

Code: Select all

{
    "count": 512,
    "next": "http://edms.example.com/api/documents/?page=2",
    "previous": null,
    "results": [...]
}
I already tried to fix it by settings "proxy_set_header X-Forwarded-Proto $scheme;" in NGINX config. Is there a possibility to get the URL with the correct scheme?

Re: Wrong next URL scheme

Posted: Wed Mar 31, 2021 1:38 am
by noses
walnuss0815 wrote: Tue Dec 15, 2020 8:01 pm I already tried to fix it by settings "proxy_set_header X-Forwarded-Proto $scheme;" in NGINX config. Is there a possibility to get the URL with the correct scheme?
I independently added that as feature request to the gitlab issues and it was closed immediately but I got the general answer "Specify project url with https scheme in COMMON_PROJECT_URL variable." from Ilya Pavlov.

Sadly the manual does not give an example what is expected there as neither "https" nor "https://", "https://my.site.com", "https://my.site.com/" or "https://my.site.com:443/" resulted in anything but an empty page or an error. But that variable should do the trick.

I gave up and added a call to this

Code: Select all

  def __url_fixup (self, url):
    """
    At the moment all returned URLs from Mayan will use the "http" scheme and there is no parameter permitting to change that
    This function will return a URL with the scheme that was selected during intialization of the connection object.
    """
    if url:
      url_decomposed = urlparse (url)
      new_url = url_decomposed._replace ("https")
      return urlunparse (new_url)
    else:
      return None
to my code. Clumsy but efficient.

Re: Wrong next URL scheme

Posted: Wed Mar 31, 2021 12:48 pm
by spirkaa
noses wrote: Wed Mar 31, 2021 1:38 am
walnuss0815 wrote: Tue Dec 15, 2020 8:01 pm I already tried to fix it by settings "proxy_set_header X-Forwarded-Proto $scheme;" in NGINX config. Is there a possibility to get the URL with the correct scheme?
I independently added that as feature request to the gitlab issues and it was closed immediately but I got the general answer "Specify project url with https scheme in COMMON_PROJECT_URL variable." from Ilya Pavlov.
My bad, this variable has nothing to do with API scheme. But there are Django own setting SECURE_PROXY_SSL_HEADER.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
That works for me

Re: Wrong next URL scheme

Posted: Wed Mar 31, 2021 3:26 pm
by walnuss0815
The SECURE_PROXY_SSL_HEADER looks promising. :)

I tested it in my setup and it did not work. :( The Django settings page now shows the following:

Code: Select all

SECURE_PROXY_SSL_HEADER    ('HTTP_X_FORWARDED_PROTO', 'https')
I also configured the NGINX proxy to set the HTTP_X_FORWARDED_PROTO header like this:

Code: Select all

proxy_set_header            X-Forwarded-Proto: https;
Did I miss something?

Re: Wrong next URL scheme

Posted: Fri Apr 02, 2021 6:38 pm
by spirkaa

Code: Select all

proxy_set_header X-Forwarded-Proto  $scheme;

Re: Wrong next URL scheme

Posted: Sat Apr 03, 2021 8:37 am
by walnuss0815
It still does not work. I ve checked my proxy config and Mayan EDMS config twice.

The NGINX proxy config looks like this:

Code: Select all

...
  location / {
    proxy_pass                  http://app:8000;
    proxy_set_header            Host $host;
    proxy_redirect              http:// https://;
    proxy_http_version          1.1;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            X-Forwarded-Proto $scheme;
    proxy_set_header            Upgrade $http_upgrade;
    proxy_set_header            Connection $connection_upgrade;
  }
...

Re: Wrong next URL scheme

Posted: Wed Aug 25, 2021 3:58 am
by rosarior
Version 4.0.13 solves this for all use cases: https://docs.mayan-edms.com/releases/4. ... anizations

We patched Django's low level code to ensure proper and predictable redirection regardless of the reverse proxy passing the variables or not.