-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add multiple domains reverse SSL proxy support #1099
Conversation
👍 Looks good |
Great news! Thank you both for enabling this feature getting into core of ownlcoud! I can't await it, as I wrote the first 'bad' und 'ugly' merge request for OC3 (https://gitorious.org/owncloud/owncloud/merge_requests/74). This feature will be in OC5? Will test it on my shared webspace... |
Can we have one more reviewer? @schiesbn @blizzz @icewind1991 @bartv2 ? |
I need to patch some application code and 3rdparty setup to activate the new feature. Should I already post a pull request or wait until this is merged? Is somebody interested in a patch for owncloud stable to test the feature? |
@herbrechtsmeier O.K. I suggest to do do pull requests in other repositories too so that we can merge them all at the same time. |
Did I understand you right that you need to patch 3rdparty code in the 3rdparty repository? - Please don't do this, this is worse. The next time someone bumps a 3rdparty library your changes are probably gone by mistake! |
@herbrechtsmeier Lukas is right. what changes are needed here? |
That's the reason this patch extend a Sabre class. I only patch code that already use a owncloud functions:
Because I haven't test the openid function I can leave them as they are to not break anything. |
@thessy Have you succeed to test this pull request together with owncloud-archive/apps#449? @karlitschek How should I process with the openid changes? |
Yes. Works for me as long as no 3rd party code needs to be patched. |
@karlitschek Are the pull request okay for you or should I change all appearance of $_SERVER variables REQUEST_URI and SCRIPT_NAME outside of 3rd party code even if I can not test the code? Will this feature be included in the OC5 release? |
YES, good question. In my and others interest as well. Also discussed here: Would appreciate response! |
@herbrechtsmeier Hmmm. Please be careful. ;-) But the changes shouldn't be that difficult so please go on. |
@herbrechtsmeier Could you please rebase? - THX |
GREAT! Looking forward to seeing this implementation as soon as possible! |
@LukasReschke Rebase is done |
@Herbrechtsmeyer: Will these Apps be able to connect with their Owncloud Server via SSL Proxy, e.g. via Or are there known limitations to the use of the Proxy Server you would think of? |
Just a brief reminder. Feature Freeze is on Friday. Do we have another reviewer? |
I cannot help. I am an amateur only. |
@farson2003 Together with my other pull request owncloud-archive/apps#449 CalDAV, CardDAV and WebDAV are available via proxy. |
We would love to see SSL Proxy support in OC5. Same for many other users on hosted servers, who have been waiting forever for this major imrpovement. Is there anything that can be done for inclusion in OC5? |
Convince a core dev to 👍 this ;-) |
@owncloud-bot retest this please |
@herbrechtsmeier rebase please - THX |
👍 from me too. Let's rebase and merge today. |
Add support for a reverse proxy that handles multiple domains via different web roots (http[s]://proxy.tld/domain.tld/owncloud). As the reverse proxy web root is transparent for the web server the REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace the direct use of this _SERVER variables with function calls and extend this functions to overwrite the web root. Additionally it adds a Sabre request backend that extends the Sabre_HTTP_Request to use the same functions.
Add support for a reverse proxy that only forwards SSL connections unencrypted to the web server. This patch allows to detect the reverse proxy via regular expression for the remote IP address and conditional overwrite the host name, protocol and web root.
add multiple domains reverse SSL proxy support
I installed OC5. I cannot see any options to enter for SSL Proxy support, also here in the forum: http://forum.owncloud.org/viewtopic.php?f=3&t=8453 Can anyone or herbrechtmeyer comment on this? |
@farson2003 The option names have the prefix overwrite. You can find them in the config.sample.php. Normally it is enough to set overwritewebroot to the complete webroot and overwritecondaddr to the regular expression for the ip addresses of you proxies as you would do it for a conditional redirect in the .htaccess file. |
@herbrechtsmeier Which files of the OC5 Installation have to be edited, which exact code-lines must be altered to make the installation work with above configuration? Could you give a step-by-step instrucion? Thank yoU! |
@herbrechtsmeier It would be awesome if you could also document this in the new git documentation system :-) |
@karlitschek I have add a documentation in owncloud-archive/documentation#57 |
Good I will reply in the other thread here herbrechtsmeier/documentation@fe4ac73#commitcomment-2680486 . I agree it makes sense to collect the configuration for different providers also.. |
@herbrechtsmeier Thanks a lot |
This patch enables the use of forcessl together with a multiple domains reverse SSL proxy (owncloud#1099) which have different hostname and webroot for http and https access. The code assumes that the ssl proxy (https) hostname and webroot is configured via overwritehost and overwritewebroot.
This patch enables the use of forcessl together with a multiple domains reverse SSL proxy (#1099) which have different hostname and webroot for http and https access. The code assumes that the ssl proxy (https) hostname and webroot is configured via overwritehost and overwritewebroot.
Add support for a reverse proxy that handles multiple domains via different
web roots (https://proxy.tld/domain.tld/owncloud) and only forwards SSL
connections unencrypted to the web server.
As the reverse proxy is transparent for the web server the REQUEST_URI and
SCRIPT_NAME need manual adjustments. This patch replace the direct use
of this _SERVER variables with function calls and extend this functions
to overwrite the webroot. Additionally it adds a Sabre request backend
that extends the Sabre_HTTP_Request to use the same functions. It allows
to detect the reverse proxy via regular expression for the remote IP
address and conditional overwrite the host name, protocol and web root.