Add SSL reverse proxy support like ssl_proxy in Moodle

Bug #829674 reported by Tony Box on 2011-08-19
This bug affects 2 people
Affects: Mahara (Importance: High; Assigned to: Melissa Draper)
Affects: mahara (Ubuntu) (Importance: Undecided; Assigned to: Unassigned)

Bug Description

Mahara needs to have SSL reverse proxy support like Moodle does using ssl_proxy. All versions of Mahara are affected (we are on 1.4.1).

The issue is that we are serving SSL certificates from a load balancer. This means the Mahara server thinks it is http, which causes it to generate a shared key with http://mahara.mysite.com in the header.

This presents itself as a problem when trying to set up SSO with Moodle, since Moodle looks at Mahara's shared key, notices it's actually coming from a secure site (https) and says the key is incorrect.

Changed in mahara:
importance: Undecided → High
milestone: none → 1.5.0
status: New → Triaged
François Marier (fmarier) wrote :

The first step towards this would be to start replacing all HTTPS checks in Mahara with the is_https() function being introduced in htdocs/lib/mahara.php as part of this change:

  https://reviews.mahara.org/#change,564,patchset=1

tags: added: https
Changed in mahara:
assignee: nobody → Melissa Draper (melissa)
Melissa Draper (melissa) on 2011-09-01
Changed in mahara:
status: Triaged → In Progress

Reviewed: https://reviews.mahara.org/632
Committed: http://gitorious.org/mahara/mahara/commit/b8ff08c684a79579ac10b344bd4f31e93d021f60
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit b8ff08c684a79579ac10b344bd4f31e93d021f60
Author: Melissa Draper <email address hidden>
Date: Fri Sep 2 13:58:10 2011 +1200

    Change the https checks to use is_https() (bug #829674)

    As per Francois' comment in the bug
    https://bugs.launchpad.net/mahara/+bug/829674/comments/1

    Change-Id: I03d99dbc93ea57d16240d0904c6bd670534f82b5
    Signed-off-by: Melissa Draper <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/631
Committed: http://gitorious.org/mahara/mahara/commit/2262a1a78b271998043288f6bfcf0c27c5797919
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit 2262a1a78b271998043288f6bfcf0c27c5797919
Author: Melissa Draper <email address hidden>
Date: Thu Sep 1 14:48:05 2011 +1200

    Add configuration and init checks for SSL proxies (bug #829674)

    Currently use of a proxy such as nginx to force https usage results
    in a bit of loopiness. This patch adds the sslproxy setting and when
    this is set, mandates that the wwwroot be a https address.

    Change-Id: Ic4cfe048202cea60098e60e57adb99a0cb594619
    Signed-off-by: Melissa Draper <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/671
Committed: http://gitorious.org/mahara/mahara/commit/aff1ab49ebcef630561441468f590745e01bc601
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit aff1ab49ebcef630561441468f590745e01bc601
Author: Melissa Draper <email address hidden>
Date: Fri Sep 9 13:22:55 2011 +1200

    Add default sslproxy configuration (bug #829674)

    This was missing and the error logs were being polluted as a result.

    Change-Id: I80e6315d25fd1ccb71e37e77f7922784ec3d72ed
    Signed-off-by: Melissa Draper <email address hidden>

Ruslan Kabalin (rkabalin) wrote :

See https://bugs.launchpad.net/mahara/+bug/845438 (probably should have posted the issue here)

Ruslan Kabalin (rkabalin) wrote :

Ah, I see, you fixed it already... never mind then.

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/680
Committed: http://gitorious.org/mahara/mahara/commit/9661d218f35ae7d783bbd9b9e2ae344cb5413c7d
Submitter: Richard Mansfield (<email address hidden>)
Branch: master

commit 9661d218f35ae7d783bbd9b9e2ae344cb5413c7d
Author: Francois Marier <email address hidden>
Date: Mon Sep 12 15:17:19 2011 +1200

    Fix infinite redirect loops when running on https

    This partly reverts commit b8ff08c684a79579ac10b344bd4f31e93d021f60
    which was done to fix bug #829674.

    The is_https() function should only be used when checking for the
    presence of https in the wwwroot.

    Change-Id: Ifeec5422e26b8a7205baf2816a99c7a77b33b933
    Signed-off-by: Francois Marier <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
Melissa Draper (melissa) on 2012-04-02
Changed in mahara (Ubuntu):
status: New → Invalid
Melissa Draper (melissa) on 2012-04-17
Changed in mahara:
status: Fix Committed → Fix Released
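
The scheme problem and the sslproxy check discussed in this thread, as an added PHP example that is not Mahara's code. The setting names wwwroot and sslproxy come from the thread; the function names and the host mahara.example.test are assumptions made for illustration.

```php
<?php
// Added illustration, not Mahara's code. `wwwroot` and `sslproxy` are the
// setting names from this thread; every function name here is hypothetical.

// Scheme as PHP sees it. When a load balancer terminates TLS, the hop to the
// backend is plain HTTP, so this returns "http" for every request.
function request_scheme(array $server): string {
    $https = strtolower($server['HTTPS'] ?? '');
    return ($https !== '' && $https !== 'off') ? 'https' : 'http';
}

// Looks only at the configured wwwroot, never at the incoming request.
function wwwroot_is_https(array $cfg): bool {
    return stripos($cfg['wwwroot'], 'https://') === 0;
}

// Init-time decision: 'ok', 'redirect', or an 'error: ...' string.
function init_check(array $cfg, array $server): string {
    if (!empty($cfg['sslproxy'])) {
        // The proxy owns TLS: require an https wwwroot and trust it.
        return wwwroot_is_https($cfg)
            ? 'ok'
            : 'error: sslproxy is set but wwwroot is not an https address';
    }
    // No proxy declared: an https site reached over http gets redirected.
    if (wwwroot_is_https($cfg) && request_scheme($server) === 'http') {
        return 'redirect';
    }
    return 'ok';
}

// Constructed request as forwarded by the load balancer (no HTTPS variable).
$from_lb = ['HTTP_HOST' => 'mahara.example.test'];

// Constructed configurations covering the cases raised in the thread.
$cases = [
    'http wwwroot, no sslproxy'  => ['wwwroot' => 'http://mahara.example.test/',  'sslproxy' => false],
    'https wwwroot, no sslproxy' => ['wwwroot' => 'https://mahara.example.test/', 'sslproxy' => false],
    'https wwwroot, sslproxy'    => ['wwwroot' => 'https://mahara.example.test/', 'sslproxy' => true],
    'http wwwroot, sslproxy'     => ['wwwroot' => 'http://mahara.example.test/',  'sslproxy' => true],
];

foreach ($cases as $label => $cfg) {
    printf("%-27s => %s\n", $label, init_check($cfg, $from_lb));
}
```

The first case passes the check but leaves the site advertising an http URL, which is the mismatch the bug description reports. The second redirects on every request because the backend never sees https, which is the loop described in the commit messages.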