Univention Bugzilla – Bug 44921
Apache does not pass HTTPS in the request header when mod_proxy proxies to HTTP
Last modified: 2018-05-24 15:33:45 CEST
The App Center allows to pass HTTPS requests to the container. Apache may use HTTP for that proxy connection. In this case the information that the connection once was HTTPS is not passed through. This may lead to redirects that explicitly tell the browser use HTTP. We should use RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS} is out sites.
please also add SSLProxyCheckPeerExpire Off (we already have SSLProxyCheckPeerCN off etc)
We will need a backport
Fixed in univention-apache 10.0.2-2A~4.3.0.201805021835
OK - univention-apache ("X-Forwarded-Proto is https and X-Forwarded-SSL on for https and http and off for http) OK - UMC, multiple apps OK - yaml
--- mirror/ftp/4.3/unmaintained/4.3-0/source/univention-apache_10.0.2-1A~4.3.0.201803060647.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/univention-apache_10.0.2-2A~4.3.0.201805021835.dsc @@ -1,6 +1,10 @@ -10.0.2-1A~4.3.0.201803060647 [Tue, 06 Mar 2018 06:47:56 +0100] Univention builddaemon <buildd@univention.de>: +10.0.2-2A~4.3.0.201805021835 [Wed, 02 May 2018 18:35:38 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +10.0.2-2 [Wed, 02 May 2018 18:34:04 +0200] Dirk Wiesenthal <wiesenthal@univention.de>: + + * Bug #44921: Use X-Forwarded-Proto 10.0.2-1 [Tue, 06 Mar 2018 06:44:56 +0100] Stefan Gohmann <gohmann@univention.de>:
<http://errata.software-univention.de/ucs/4.3/29.html>