Edgewall Software
Modify

Opened 13 years ago

Closed 13 years ago

#3207 closed defect (duplicate)

tracd uses wrong URL scheme when behind https proxy

Reported by: lindig@… Owned by: Jonas Borgström
Priority: normal Milestone:
Component: general Version: 0.9.5
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:

Description

I'm running tracd 0.95 (from Debian testing) on port 8080 and lighttpd serving https. Lighttpd is configured as a proxy for tracd - which works fine:

https://trac.vistabella.de/annot/

proxy.debug = 0
$HTTP["host"] =~ "(trac|svn).vistabella.de" {
       proxy.server = ("/" => (( "host" => "127.0.0.1", "port" => 8080)))
}

However, I cannot login to become an authenticated user or do anyhting that provokes trac to issue a new URL:

My browser complains:

Safari can't open the page "http://trac.vistabella.de/annot" because
it could not connect to the server "trac.vistabella.de". 

This is correct, since it should connect using https. Is there a way to make trac aware of the fact that it is behind a https proxy?

After reading tickets here and the code in web/api.py, I suspect this could be related to #2553. Tracd is started with the following parameters:

tracd -d -p 8080 --auth *,/etc/trac/passwd,vistabella -e /pub/trac

Is there any parameter in the tracd.ini that affects the choice of the URL scheme tracd uses?

Attachments (0)

Change History (8)

comment:1 by Christopher Lenz, 13 years ago

Are you sure you're using 0.9.5 and not some earlier version?

comment:2 by lindig@…, 13 years ago

I'm quite sure (see below); this is also what the footer on https://trac.vistabella.de/annot/ says (the URL that I provided).

I took a look at the logfile that tracd produced when started without -d. I don't know anything about HTTP proxying but at least from the logfile it seems that tracd has no way of knowing whether the original request was http or https (since it receices http and runs on port 8080 but must produce https). I therefore believe tracd must be told explicitly what scheme to use. Maybe the problem could be solved on the Lighttp side but I would prefer a tracd solution.

: ~; apt-cache show trac
Package: trac
Priority: optional
Section: web
Installed-Size: 1696
Maintainer: Jesus Climent <jesus.climent@hispalinux.es>
Architecture: all
Version: 0.9.5-1
Depends: python (>= 2.3), python (<< 2.4), python-clearsilver (>= 0.9.3), python-pysqlite2 | python-sqlite (>= 0.4.3) | python2.3-psycopg, python2.3-subversion, subversion (>= 1.0.1)
Recommends: apache2 | httpd, python2.3-setuptools (>= 0.5a13)
Suggests: enscript, python-docutils, libapache2-mod-python
Filename: pool/main/t/trac/trac_0.9.5-1_all.deb
Size: 300480
MD5sum: 5e8e4447aaae043d590589662f9ae1a1

comment:3 by lindig@…, 13 years ago

To solve the problem, I have hard-coded the scheme to https in web/api.py for now. So the URL provided no longer shows the bug.

comment:4 by lindig@…, 13 years ago

See also #3208, which seems to be the same issue.

comment:5 by otik@…, 13 years ago

I have similar problem but just in repository list (#3208), but can login without problem !. I'm not sure about same issue.

comment:6 by otik@…, 13 years ago

dear lindig@…, may you describe better your fix. THX

comment:7 by lindig@…, 13 years ago

From my perspective, it's a design decision: Tracd running standalone does everything right. The problem is when running it behind a HTTPS proxy. We could argue, that it is the proxy's problem to fix the impedance mismatch between receiving HTTPS and proxying to a Tracd using HTTP.

On the other hand, I believe running Tracd behind a proxy is a very good choice and should be supported. Since (I believe) Tracd can't figure out the right URL scheme to use in all cases, a configuration option would be helpful . The heuristic implemented in source:trunk/trac/web/api.py seems not work in this case. Therefore I don't think #3207 is a genuine bug but a feature wish for better support of running Tracd behind a proxy.

comment:8 by Christian Boos, 13 years ago

Resolution: duplicate
Status: newclosed

See #2553.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to as closed The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.