Firefox PHP

HTTPS on load balancer

Posted by Schurki 
HTTPS on load balancer
December 01, 2016 01:28PM
We're terminating SSL encryption on the load balancer, communication between the LB and the web servers is unencrypted. The LB adds a HTTP header "isSSL: true" on imcoming HTTPS requests. To make Phorum work in this setup, I added a file include/phorum_get_protocol.php and made a few changes to common.php and include/phorum_get_url.php.

I'ld like to append the files here, but this doesn't seem to be possible, so I put it this way:

get_protocol. php:

Language: PHP
<?php   $allheaders= getallheaders(); if (isset($allheaders{';isSSL';}) and $allheaders{';isSSL';} == ';true';) { $protocol = ';https';; } else { $protocol = ';http';; } ?>


In common.php, I added

Language: PHP
require_once("include/phorum_get_protocol.php");

after the other includes and

Language: PHP
$PHORUM[';http_path';] = preg_replace ("!^https?!" , $protocol , $PHORUM[';http_path';]);

after

Language: PHP
phorum_db_load_settings();

and in phorum_get_url.php I put

Language: PHP
global $protocol; $url= preg_replace ("!^https?!" , $protocol , $url);

just before

Language: PHP
return $url;

in each of the functions phorum_get_url, phorum_get_url_no_uri_auth and phorum_get_current_url.

This refers to version 5.2.20.

Would somebody integrate that in proper form in Phorum, perhaps as a module? The name and value of the header sent by the LB should probably be configurable.



Edited 2 time(s). Last edit at 12/01/2016 02:18PM by Schurki.
Re: HTTPS on load balancer
December 01, 2016 03:55PM
I am not sure exactly what you want between LB and Phorum, but this works for most who want https between the browser and Phorum, or http between the browser and Phorum. It should work with any passed URL regardless of source.


Automatic HTTP Path (version 1.0.9)
This module automatically sets the HTTP Path configuration option, based on the active
URL.
This can be useful if for some reason you run one Phorum install under various host
names and/or directories (e.g. a Phorum on a private space intranet server that is also
accessible through a public URL or a server that has to be accessible on both an http://
and https:// URL).

Automatic HTTP Path


In the Admin under General Settings, File/Path Settings... you may need to change this, not sure...
Re: HTTPS on load balancer
December 01, 2016 05:32PM
I've tried that module first, it's not working. In my setup, the user@browser kann choose if he wants to use HTTPS or HTTP, but the LB forwards all incoming requests, even HTTPS, as HTTP to the web servers. Additionally, Phorum ist accessed through 2 different domains, one accessible only internally for admin tasks, and one external, where admin stuff is blocked by server config. The configured http_path points to the external domain.
Re: HTTPS on load balancer
December 07, 2016 07:17AM
Hi Schurki,

Quote
Schurki
I've tried that module first, it's not working.

Nevertheless you should implement your needs as a new module (perhaps based on the Automatic HTTP Path Module) instead of patching the Phorum core...

Regards
Oliver


Using Phorum since 7/2000: forum.langzeittest.de (actual version 5.2.23)
Modules "Made in Germany" for version 5.2: Author_as_Sender, CarCost, Close_Topic, Conceal_Message_Timestamp,
Format_Email, Index_Structure, Mailing_List, Pervasive_Forum, Spritmonitor, Terms_of_Service and German_Language_Files_Package.
Re: HTTPS on load balancer
December 10, 2016 03:54PM
If you read my first posting, you should notice that this is a request that somebody implements it correctly. I just put my changes there as hints how it could be done.



Edited 1 time(s). Last edit at 12/12/2016 03:37PM by Schurki.
Sorry, only registered users may post in this forum.

Click here to login