containers icon indicating copy to clipboard operation
containers copied to clipboard
verified publisher icon bitnami

[bitnami/moodle] Provide a way to disable dynamic scheme in `$CFG->wwwroot`

Open vlk-charles opened this issue 3 years ago • 3 comments

Name and Version

bitnami/moodle:4.0.4-debian-11-r2

What is the problem this feature will solve?

When I enable $CFG->sslproxy in config.php, I get the following error when trying to access Moodle through my TLS reverse proxy: "Must use https address in wwwroot when ssl proxy enabled!"

What is the feature you are proposing to solve the problem?

The issue is caused by this logic in the generated config.php that dynamically sets the scheme based on the request:

if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
  $CFG->wwwroot   = 'https://' . $_SERVER['HTTP_HOST'];
} else {
  $CFG->wwwroot   = 'http://' . $_SERVER['HTTP_HOST'];
}

My proposal is to either provide an environment variable that could set $CFG->wwwroot statically or to automatically disable this logic when MOODLE_SSLPROXY is set (note #6534) and replace it with just:

$CFG->wwwroot   = 'https://' . $_SERVER['HTTP_HOST'];

Note that setuplib.php already does this when $CFG->sslproxy is set:

        $rurl['scheme'] = 'https'; // make moodle believe it runs on https, squid or something else it doing it
        $_SERVER['HTTPS'] = 'on'; // Override $_SERVER to help external libraries with their HTTPS detection.
        $_SERVER['SERVER_PORT'] = 443; // Assume default ssl port for the proxy.

But that only happens later in the process, after $CFG->wwwroot has already been set.

What alternatives have you considered?

For now, I edit config.php after it has been generated.

vlk-charles avatar Sep 14 '22 21:09 vlk-charles

My proxy is fairly simple and does not inject any headers such as Forwarded or X-Forwarded-Proto. I have not tested whether the behavior would be different with those.

vlk-charles avatar Sep 14 '22 22:09 vlk-charles

From a quick search, $_SERVER['HTTPS'] does not appear to take the mentioned proxy headers into consideration. So the behavior would probably be the same.

vlk-charles avatar Sep 14 '22 22:09 vlk-charles

Hi!

Please, note this Helm chart is a community-supported solution. This means that the Bitnami team is not actively working on new features/improvements nor providing support through GitHub Issues for this Helm chart. Any new issue will stay open for 20 days to allow the community to contribute, after 15 days without activity the issue will be marked as stale being closed after 5 days.

The Bitnami team will review any PR that is created, feel free to create a PR if you find any issue or want to implement a new feature.

New versions are not going to be affected. Once a new version is released in the upstream project, the Bitnami container image will be updated to use the latest version.

javsalgar avatar Sep 15 '22 09:09 javsalgar

I confirm this works for me as of bitnami/moodle:4.0.4-debian-11-r9.

vlk-charles avatar Sep 29 '22 15:09 vlk-charles