Hello and Greetings Everyone.

We run a small town news/politics website and are getting back into doing events/photo galleries and we are wanting to move event images to Piwigo (from WordPress) if I/we can solve this issue.

Short: We have a Piwigo install in a cloud cluster and with ssl on, image generation fails, original sized images uploaded appear but no thumbs created etc. 
Searching the forums/web etc I found other examples of the port:80 behind a load balancer ssl type issues but those solutions did not work for us. 

My understanding of "HTTP_X_FORWARDED" etc is weak and I am seeking some assistance wording the string that goes into local/config/config.inc.php.


Long: We have 2 WordPress installs both with Piwigo installed in a directory under the WP,  http://somesite.com/piwigo/. Both installs are on the same cluster in directory's next to each other when viewed in filezilla.

One install is our test subdomain http://test.somesite/piwigo/ that is not SSL. Piwigo installed perfectly out of the box, everything works thumbs etc. I did all the theme/css changes there, it works great once i fixed my typos and such.

Our live to the public WordPress install with piwigo https://somesite.com/piwigo/ has SSL ON (global cert, not self-signed) for the domain. Piwigo seems to work, theme loads, admin loads, configuration changes are saved and it looks as expected except for the missing images and thumbs.

Looking at one of the images that did not load:
GET https://somesite.com/eye/i.php?/upload/ … ff-sm.jpg=  generates a 403 forbidden and the image did not load and does not exist (original uploaded image does).

Looking at one of the images that does load (in chrome inspector) "The page at 'https://somesite.com/eye/index.php?/category/2' was loaded over HTTPS, but requested an insecure element 'http://somesite.com/eye/Dance-Drunk-Banner.jpg'. This request was automatically upgraded to HTTPS."

In piwigo batch manager when I try to generate all/any sizes I get "photos can not be regenerated".
After finding the "pictures don't appear faq" I compared the .htaccess of both sites (live and test) and found no mod-rewrites except for the automatic wordpress section that does not seem to apply.

Right-click on a failed picture then “copy the url to the picture” I get https://somesite.com/eye/i.php?/galleri … 185-sq.jpg
img_6185.jpg is in the gallery's folder  (was uploaded), img_6185-sq.jpg is not there/not generated.

"403 forbidden" I checked the folder and file permissions and all look good/same on both installs.

I turned on piwigo logging but no entries when I fail to generate images, no errors in the site wide php error file.


I spoke with our host and the explanation for the ssl/non is:
" Since cloudsites serves requests out of a cluster, the load balancers act as a reverse proxy server. HTTPS is decrypted on the load balancer. The apache/php servers themselves only receive traffic on port 80, but the load balancer will set the HTTPS and HTTP_CLUSTER_HTTPS request headers to “on” when HTTPS is being used. These headers can be seen on a phpinfo page."


I tried many times with different FORWARDED_FOR I found in the forums/git etc but I don't know this Apache very well at all, this did not work :

// Support X-Forwarded-Proto header for HTTPS detection in PHP
// Also need to set port correctly
if ( $_SERVER['HTTP_X_FORWARDED_FOR'] == 'https' ) {
    $_SERVER['HTTP_CLUSTER_HTTPS']= 'on';
    $_SERVER['SERVER_PORT'] = '443';
}

Related:   https://github.com/Piwigo/Piwigo/pull/483

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){
       $_SERVER['HTTPS']='on';
} This did not work.

I tried The plugin Force HTTPS, it wont load as it says we don't have ssl, not surprised.

If anyone has any clues or suggestions with this I would greatly appreciate it as it has stopped me/the project in my tracks.

Sorry for the rambling wall of text, but I hear you like details :)

Thank you.
Esteban


Below is some of the phpinfo +  environment

Environment

    Piwigo 12.3.0 Check for upgrade
    Operating system: Linux
    PHP: 7.2.34-8+0~20201103.52+debian10~1.gbpafa084 (Show info) [2022-07-21 15:53:22]
    MySQL: 5.5.5-10.1.41-MariaDB-0+deb10u2 [2022-07-21 17:53:22]
    Graphics Library: ImageMagick 6.9.10-23
    Cache size 9.68 Mo   calculated 2 days ago Refresh

Activated plugin list 7

    Admin Tools
    Advanced Menu Manager
    Community
    FCK Editor
    Grum Plugins Classes.3
    LocalFiles Editor
    PWG Stuffs

--------------------

HTTP Headers Information
HTTP Request Headers
HTTP Request     GET /phpinfo.php HTTP/1.1
User-Agent     Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0
X-Forwarded-For     98.97.##.##
Accept     text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language     en-US,en;q=0.5
Host     somesite.com
X-Mosso-DT     PHP72-9 SSL VS
Sec-Fetch-Dest     document
CLUSTER_HTTPS     on
CLUSTER-HTTPS     on
Sec-GPC     1
Connection     keep-alive
Upgrade-Insecure-Requests     1
Sec-Fetch-User     ?1
Sec-Fetch-Mode     navigate
Sec-Fetch-Site     none
Accept-Encoding     gzip, deflate, br
DNT     1

-----------------

apache2handler
Apache Version     Apache/2.4
Apache API Version     20120211
Server Administrator     root@localhost
Hostname:Port     somesite.com:80
User/Group     www-data(33)/33
Max Requests     Per Child: 750 - Keep Alive: off - Max Per Connection: 100
Timeouts     Connection: 120 - Keep-Alive: 5
Virtual Server     Yes
Server Root     /etc/apache2

--------------
Apache Environment
Variable    Value
HTTPS     on
UNIQUE_ID     Ytb7NftWnpkjs3kMUpXKBgAAACE
PHP_DOCUMENT_ROOT     /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content
HTTP_AUTHORIZATION     no value
HTTP_USER_AGENT     Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0
HTTP_X_FORWARDED_FOR     98.97.##.##
HTTP_ACCEPT     text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE     en-US,en;q=0.5
HTTP_HOST     somesite.com
HTTP_X_MOSSO_DT     PHP72-9 SSL VS
HTTP_SEC_FETCH_DEST     document
HTTP_CLUSTER_HTTPS     on
HTTP_SEC_GPC     1
HTTP_CONNECTION     keep-alive
HTTP_UPGRADE_INSECURE_REQUESTS     1
HTTP_SEC_FETCH_USER     ?1
HTTP_SEC_FETCH_MODE     navigate
HTTP_SEC_FETCH_SITE     none
HTTP_ACCEPT_ENCODING     gzip, deflate, br
HTTP_DNT     1
PATH     /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SERVER_SIGNATURE     <address>Apache/2.4 Server at somesite.com Port 80</address>
SERVER_SOFTWARE     Apache/2.4
SERVER_NAME     somesite.com
SERVER_ADDR     10.40.###.##
SERVER_PORT     80
REMOTE_ADDR     98.97.##.##
DOCUMENT_ROOT     /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content
REQUEST_SCHEME     http
CONTEXT_PREFIX     no value
CONTEXT_DOCUMENT_ROOT     /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content
SERVER_ADMIN     root@localhost
SCRIPT_FILENAME     /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content/phpinfo.php
REMOTE_PORT     34606
GATEWAY_INTERFACE     CGI/1.1
SERVER_PROTOCOL     HTTP/1.1
REQUEST_METHOD     GET
QUERY_STRING     no value
REQUEST_URI     /phpinfo.php
SCRIPT_NAME     /phpinfo.php

--------------------

Website Status (this is a host status page)
Active
Technology Linux / Apache / PHP 7.2
Region Phoenix (PHX)
Directory /mnt/stor13-wc2-dfw1/xxxxxx/www.somesite.com/web/content/
Raw Logs Enabled
Secure Traffic (SSL)
• IP Address (Dedicated) 159.135.xx.xx 


The gallery is locked for maintenance. Please come back later when the galleries are loaded and all shiny.

Last edited by CoastPuya (2022-07-22 01:51:36)