Univention Bugzilla – Bug 37518
incompatible setting of X-Forwarded-Proto in /etc/apache2/sites-available/univention-management-console
Last modified: 2015-02-04 15:57:49 CET
The current site-definition of the umc has: "RequestHeader set X-Forwarded-Proto %{HTTPS}s" This results in "off" when accessing the server with http and "on" with https. Most applications will expect the protocol ("https" or "http") to be returned. One of the affected applications is ownCloud 7. The incompatible usage will cause a fallback to http when the application was accessed successfully with https. When https is forced in ownCloud with the default setting, a redirect loop occurs. The problem was reported twice in the forum: http://forum.univention.de/viewtopic.php?f=67&t=3644 http://forum.univention.de/viewtopic.php?f=67&t=3690
This was introduced by Bug #36617 in UCS 4.0-0. Currently the settings in the apache site configuration "univention-management-console" sets global apache configurations instead of only for UMC related services. We should use a Location directive or a virtual host.
diff --git a/ucs-4.0-0/management/univention-management-console-frontend/conffiles/etc/apache2/sites-available/univention-management-console b/ucs-4.0-0/management/univention-management-console-frontend/conffiles/etc/apache2/sites-availab index c5906cf..efc97a9 100644 --- a/ucs-4.0-0/management/univention-management-console-frontend/conffiles/etc/apache2/sites-available/univention-management-console +++ b/ucs-4.0-0/management/univention-management-console-frontend/conffiles/etc/apache2/sites-available/univention-management-console @@ -2,2 +2,3 @@ +<LocationMatch "^/(umcp|umc|univention-management-console)/"> ProxyPreserveHost on @@ -41,2 +42,3 @@ RewriteRule ^(/univention-management-console/js)_[^/]*/(.*) $1/$2 [R=301] SetEnv proxy-nokeepalive 1 +</LocationMatch>
Created attachment 6592 [details] tested patch The patch from the comment contains 2 mistakes: leading slash must be removed, the ProxyPass directives aren't allowed underneath of LocationMatch.
I can confirm that the "LocationMatch" directive avoids the fallback to http for ownCloud 7. It would be nice if the change could be provided to the customers.
UMCP specific configurations have been put into LocationMatch directive. Fix: svn r57681 Package: univention-management-console-frontend Version: 4.1.106-11.993.201501301040 YAML: 2015-01-30-univention-management-console-frontend.yaml
Okay, works fine
<http://errata.univention.de/ucs/4.0/76.html>