Mahara

Add SSL reverse proxy support like ssl_proxy in Moodle

Bug #829674 reported by Tony Box on 2011-08-19

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	High	Melissa Draper	Mahara 1.5.0
	mahara (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

Mahara needs to have SSL reverse proxy support like Moodle does using ssl_proxy. All versions of Mahara are affected (we are on 1.4.1).

The issue is that we are serving SSL certificates from a load balancer. This means the Mahara server thinks itself is http which causes it to generate a shared key with http://mahara.mysite.com in the header.

This presents itself as a problem when trying to set up SSO with Moodle, since Moodle looks at Mahara's shared key, notices it's actually coming from a secure site (https) and says the key is incorrect.

Tags:

François Marier (fmarier) on 2011-08-21

Changed in mahara:
importance:	Undecided → High
milestone:	none → 1.5.0
status:	New → Triaged

Revision history for this message

François Marier (fmarier) wrote on 2011-08-22:

The first step towards this would be to start replacing all HTTPS checks in Mahara with the is_https() function being introduced in htdocs/lib/mahara.php as part of this change:

https://reviews.mahara.org/#change,564,patchset=1

tags:

added: https

François Marier (fmarier) on 2011-08-31

Changed in mahara:
assignee:	nobody → Melissa Draper (melissa)

Melissa Draper (melissa) on 2011-09-01

Changed in mahara:
status:	Triaged → In Progress

Revision history for this message

Melissa Draper (melissa) wrote on 2011-09-02:

https://reviews.mahara.org/631 and https://reviews.mahara.org/632

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2011-09-08: A change has been merged

Reviewed: https://reviews.mahara.org/632
Committed: http://gitorious.org/mahara/mahara/commit/b8ff08c684a79579ac10b344bd4f31e93d021f60
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit b8ff08c684a79579ac10b344bd4f31e93d021f60
Author: Melissa Draper <email address hidden>
Date: Fri Sep 2 13:58:10 2011 +1200

Change the https checks to use is_https() (bug #829674)

As per Francois' comment in the bug
https://bugs.launchpad.net/mahara/+bug/829674/comments/1

Change-Id: I03d99dbc93ea57d16240d0904c6bd670534f82b5
Signed-off-by: Melissa Draper <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2011-09-08:

Reviewed: https://reviews.mahara.org/631
Committed: http://gitorious.org/mahara/mahara/commit/2262a1a78b271998043288f6bfcf0c27c5797919
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit 2262a1a78b271998043288f6bfcf0c27c5797919
Author: Melissa Draper <email address hidden>
Date: Thu Sep 1 14:48:05 2011 +1200

Add configuration and init checks for SSL proxies (bug #829674)

    Currently use of a proxy such as nginx to force https usage results
    in a bit of loopiness. This patch adds the sslproxy setting and when
    this is set, mandates that the wwwroot be a https address.

Change-Id: Ic4cfe048202cea60098e60e57adb99a0cb594619
Signed-off-by: Melissa Draper <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2011-09-09:

Reviewed: https://reviews.mahara.org/671
Committed: http://gitorious.org/mahara/mahara/commit/aff1ab49ebcef630561441468f590745e01bc601
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit aff1ab49ebcef630561441468f590745e01bc601
Author: Melissa Draper <email address hidden>
Date: Fri Sep 9 13:22:55 2011 +1200

Add default sslproxy configuration (bug #829674)

This was missing and the error logs were being polluted as a result.

Change-Id: I80e6315d25fd1ccb71e37e77f7922784ec3d72ed
Signed-off-by: Melissa Draper <email address hidden>

Revision history for this message

Ruslan Kabalin (rkabalin) wrote on 2011-09-09:

See https://bugs.launchpad.net/mahara/+bug/845438 (probably should have posted the issue here)

Revision history for this message

Ruslan Kabalin (rkabalin) wrote on 2011-09-09:

Ah, I see, you fixed in already... never mind then.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2011-09-12:

Reviewed: https://reviews.mahara.org/680
Committed: http://gitorious.org/mahara/mahara/commit/9661d218f35ae7d783bbd9b9e2ae344cb5413c7d
Submitter: Richard Mansfield (<email address hidden>)
Branch: master

commit 9661d218f35ae7d783bbd9b9e2ae344cb5413c7d
Author: Francois Marier <email address hidden>
Date: Mon Sep 12 15:17:19 2011 +1200

Fix infinite redirect loops when running on https

This partly reverts commit b8ff08c684a79579ac10b344bd4f31e93d021f60
which was done to fix bug #829674.

The is_https() function should only be used when checking for the
presence of https in the wwwroot.

Change-Id: Ifeec5422e26b8a7205baf2816a99c7a77b33b933
Signed-off-by: Francois Marier <email address hidden>

François Marier (fmarier) on 2011-10-06

Changed in mahara:
status:	In Progress → Fix Committed

Melissa Draper (melissa) on 2012-04-02

Changed in mahara (Ubuntu):
status:	New → Invalid

Melissa Draper (melissa) on 2012-04-17

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #845438

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.