Hello and Greetings Everyone.
We run a small town news/politics website and are getting back into doing events/photo galleries and we are wanting to move event images to Piwigo (from WordPress) if I/we can solve this issue.
Short: We have a Piwigo install in a cloud cluster and with ssl on, image generation fails, original sized images uploaded appear but no thumbs created etc.
Searching the forums/web etc I found other examples of the port:80 behind a load balancer ssl type issues but those solutions did not work for us.
My understanding of "HTTP_X_FORWARDED" etc is weak and I am seeking some assistance wording the string that goes into local/config/config.inc.php.
Long: We have 2 WordPress installs both with Piwigo installed in a directory under the WP, http://somesite.com/piwigo/. Both installs are on the same cluster in directories next to each other when viewed in FileZilla.
One install is our test subdomain http://test.somesite/piwigo/ that is not SSL. Piwigo installed perfectly out of the box, everything works thumbs etc. I did all the theme/css changes there, it works great once I fixed my typos and such.
Our live to the public WordPress install with piwigo https://somesite.com/piwigo/ has SSL ON (global cert, not self-signed) for the domain. Piwigo seems to work, theme loads, admin loads, configuration changes are saved and it looks as expected except for the missing images and thumbs.
Looking at one of the images that did not load:
GET https://somesite.com/eye/i.php?/upload/ … ff-sm.jpg= generates a 403 forbidden and the image did not load and does not exist (original uploaded image does).
Looking at one of the images that does load (in chrome inspector) "The page at 'https://somesite.com/eye/index.php?/category/2' was loaded over HTTPS, but requested an insecure element 'http://somesite.com/eye/Dance-Drunk-Banner.jpg'. This request was automatically upgraded to HTTPS."
In piwigo batch manager when I try to generate all/any sizes I get "photos can not be regenerated".
After finding the "pictures don't appear faq" I compared the .htaccess of both sites (live and test) and found no mod-rewrites except for the automatic WordPress section that does not seem to apply.
Right-click on a failed picture then “copy the url to the picture” I get https://somesite.com/eye/i.php?/galleri … 185-sq.jpg
img_6185.jpg is in the gallery's folder (was uploaded), img_6185-sq.jpg is not there/not generated.
"403 forbidden" I checked the folder and file permissions and all look good/same on both installs.
I turned on piwigo logging but no entries when I fail to generate images, no errors in the site wide php error file.
I spoke with our host and the explanation for the ssl/non is:
" Since cloudsites serves requests out of a cluster, the load balancers act as a reverse proxy server. HTTPS is decrypted on the load balancer. The apache/php servers themselves only receive traffic on port 80, but the load balancer will set the HTTPS and HTTP_CLUSTER_HTTPS request headers to “on” when HTTPS is being used. These headers can be seen on a phpinfo page."
I tried many times with different FORWARDED_FOR I found in the forums/git etc but I don't know this Apache very well at all, this did not work:
// Support X-Forwarded-Proto header for HTTPS detection in PHP
// Also need to set port correctly
if ( $_SERVER['HTTP_X_FORWARDED_FOR'] == 'https' ) {
  $_SERVER['HTTP_CLUSTER_HTTPS']= 'on';
  $_SERVER['SERVER_PORT'] = '443';
}
Related: https://github.com/Piwigo/Piwigo/pull/483
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){
  $_SERVER['HTTPS']='on';
}
This did not work.
I tried the plugin Force HTTPS, it won't load as it says we don't have ssl, not surprised.
If anyone has any clues or suggestions with this I would greatly appreciate it as it has stopped me/the project in my tracks.
Sorry for the rambling wall of text, but I hear you like details :)
Thank you.
Esteban
Below is some of the phpinfo + environment
Environment
Piwigo 12.3.0
Operating system: Linux
PHP: 7.2.34-8+0~20201103.52+debian10~1.gbpafa084 [2022-07-21 15:53:22]
MySQL: 5.5.5-10.1.41-MariaDB-0+deb10u2 [2022-07-21 17:53:22]
Graphics Library: ImageMagick 6.9.10-23
Cache size 9.68 Mo calculated 2 days ago
Activated plugin list 7
Admin Tools
Advanced Menu Manager
Community
FCK Editor
Grum Plugins Classes.3
LocalFiles Editor
PWG Stuffs
--------------------
HTTP Headers Information
HTTP Request Headers
HTTP Request GET /phpinfo.php HTTP/1.1
User-Agent Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0
X-Forwarded-For 98.97.##.##
Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language en-US,en;q=0.5
Host somesite.com
X-Mosso-DT PHP72-9 SSL VS
Sec-Fetch-Dest document
CLUSTER_HTTPS on
CLUSTER-HTTPS on
Sec-GPC 1
Connection keep-alive
Upgrade-Insecure-Requests 1
Sec-Fetch-User ?1
Sec-Fetch-Mode navigate
Sec-Fetch-Site none
Accept-Encoding gzip, deflate, br
DNT 1
-----------------
apache2handler
Apache Version Apache/2.4
Apache API Version 20120211
Server Administrator root@localhost
Hostname:Port somesite.com:80
User/Group www-data(33)/33
Max Requests Per Child: 750 - Keep Alive: off - Max Per Connection: 100
Timeouts Connection: 120 - Keep-Alive: 5
Virtual Server Yes
Server Root /etc/apache2
--------------
Apache Environment
Variable Value
HTTPS on
UNIQUE_ID Ytb7NftWnpkjs3kMUpXKBgAAACE
PHP_DOCUMENT_ROOT /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content
HTTP_AUTHORIZATION no value
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0
HTTP_X_FORWARDED_FOR 98.97.##.##
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE en-US,en;q=0.5
HTTP_HOST somesite.com
HTTP_X_MOSSO_DT PHP72-9 SSL VS
HTTP_SEC_FETCH_DEST document
HTTP_CLUSTER_HTTPS on
HTTP_SEC_GPC 1
HTTP_CONNECTION keep-alive
HTTP_UPGRADE_INSECURE_REQUESTS 1
HTTP_SEC_FETCH_USER ?1
HTTP_SEC_FETCH_MODE navigate
HTTP_SEC_FETCH_SITE none
HTTP_ACCEPT_ENCODING gzip, deflate, br
HTTP_DNT 1
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SERVER_SIGNATURE <address>Apache/2.4 Server at somesite.com Port 80</address>
SERVER_SOFTWARE Apache/2.4
SERVER_NAME somesite.com
SERVER_ADDR 10.40.###.##
SERVER_PORT 80
REMOTE_ADDR 98.97.##.##
DOCUMENT_ROOT /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content
REQUEST_SCHEME http
CONTEXT_PREFIX no value
CONTEXT_DOCUMENT_ROOT /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content
SERVER_ADMIN root@localhost
SCRIPT_FILENAME /mnt/stor13-wc2-dfw1/487905/www.somesite.com/web/content/phpinfo.php
REMOTE_PORT 34606
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /phpinfo.php
SCRIPT_NAME /phpinfo.php
--------------------
Website Status (this is a host status page)
Active
Technology Linux / Apache / PHP 7.2
Region Phoenix (PHX)
Directory /mnt/stor13-wc2-dfw1/xxxxxx/www.somesite.com/web/content/
Raw Logs Enabled
Secure Traffic (SSL)
• IP Address (Dedicated) 159.135.xx.xx
The gallery is locked for maintenance. Please come back later when the galleries are loaded and all shiny.
Last edited by CoastPuya (2022-07-22 01:51:36)
Offline
So our antique cloud host (was Mosso) does not set HTTP_X_FORWARDED_PROTO but does set HTTP_CLUSTER_HTTPS and HTTPS to "on" with ssl deployed.
How to tell piwigo to use $_SERVER['HTTP_CLUSTER_HTTPS']= 'on'
instead of $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'
if ( $_SERVER['HTTP_CLUSTER_HTTPS'] == 'on' ) {
  $_SERVER['HTTPS'] = 'on';
  $_SERVER['SERVER_PORT'] = '443';
}
This did not work.
if ( $_SERVER['CLUSTER_HTTPS '] == 'on' ) {
  $_SERVER['HTTPS'] = 'on';
  $_SERVER['SERVER_PORT'] = '80';
}
This did not work.
Back to search.
Offline
Found this https://github.com/Piwigo/Piwigo/pull/1 … -166576255
The solution from gasparakos and mossroy did not work.
https://github.com/Piwigo/Piwigo/pull/483 did not work.
I looked in the access logs at an image that did not generate, the others that failed to generate are like this.
request
GET /eye/i.php?/galleries/2015-avocado-margarita-fest/img_6197-sq.jpg HTTP/1.1
referrer
https://somesite.com/eye/admin.php?page … ode=global status 403
Had another look at the htaccess file and there are no rules for ports or https just the auto WordPress block for logging in, moved urls/files and bot blocking. Same with PHP settings.
Back to it.
Offline
Did you apply the patches and modified, or did you add something to your local config, or what did you actually try? You are very vague on what exactly you tried.
Offline
Hi, sorry for being vague.
For the solution that gasparakos suggested 4eb8765 that was applied as a patch to functions_url.inc.php and did not work.
For mossroy's solution that was put in local/config/config.inc.php via local files editor.
The other strings I used local/config/config.inc.php via local files editor to see if I could get piwigo to use HTTP_CLUSTER_HTTPS instead of HTTP_X_FORWARDED_PROTO via local files editor.
I found this https://fr.piwigo.org/forum/viewtopic.p … 52#p225699 and tried Elodie_FSH solution patching functions_url.inc.php that did not work.
This morning I was attempting to set X-Forwarded-Proto to https in the htaccess file in somesite/piwigo/ folder. That has not worked and I am inquiring at my host. I realize this is not ideal but trying to get thumbs.
I have also tried a variety of patches in the local/config/config.inc.php via local files including:
if ( $_SERVER['HTTP_CLUSTER_HTTPS'] == 'on' ) {
  $_SERVER['HTTPS'] = 'on';
  $_SERVER['SERVER_PORT'] = '443';
}
and
if(isset($_SERVER['HTTP_CLUSTER_HTTPS']) && $_SERVER['HTTP_CLUSTER_HTTPS'] == 'on'){
  $_SERVER['HTTPS']='on';
  $_SERVER['SERVER_PORT']=443;
}
and
if(isset($_SERVER['HTTP_CLUSTER_HTTPS']) && $_SERVER['HTTP_CLUSTER_HTTPS'] == 'on'){
  $_SERVER['HTTPS']='on';
  $_SERVER['SERVER_PORT']=80;
}
But obviously I don't understand this well enough.
My headers only have https = on, server port = 80, REQUEST_SCHEME = http, (edit) HTTP_CLUSTER_HTTPS = on, no HTTP_X_FORWARDED_PROTO.
Last edited by CoastPuya (2022-07-23 23:41:56)
Offline
I don't get it. If your hosting provider says "the load balancer will set the HTTPS and HTTP_CLUSTER_HTTPS request headers to “on”" then the attempts with evaluating HTTP_CLUSTER_HTTPS and setting $_SERVER['HTTPS'] = 'on' wouldn't change anything anyway. Or I misunderstood. Sorry, can't help.
Does the Piwigo PHP environment (without any of your changes) actually see these values, specifically $_SERVER['HTTPS'] as on? Check Admin -> Maintenance, tab Environment, PHP, Show info.
You could try to apply the patch from https://github.com/Piwigo/Piwigo/pull/483/files but instead of
|| (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false))
use
|| (isset($_SERVER['HTTP_CLUSTER_HTTPS']) && strtolower($_SERVER['HTTP_CLUSTER_HTTPS']) == 'on'))
but I doubt that would change anything because $_SERVER['HTTPS'] should be on so the already existing condition should match.
Offline
To find out what is happening I found the log settings in config_default.inc.php and set in local files editor:
// Logs directory, relative to $conf['data_location']
$conf['log_dir'] = '/logs';
// Log level (OFF, CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG)
// development = DEBUG, production = ERROR
$conf['log_level'] = 'DEBUG';
// Keep logs file during X days
$conf['log_archive_days'] = 30;
I then failed to regenerate any images in batch manager. Afterward I looked in _data/logs but no error logs for this day.
---------
The common fix for some reverse proxy issues seems to be this:
if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) {
  $_SERVER['HTTPS'] = 'on';
  $_SERVER['SERVER_PORT'] = '443';
}
But my host does not set X_FORWARDED_PROTO, it's empty.
So I was thinking if I could set HTTP_X_FORWARDED_PROTO to https (it's empty in my header) in the local config file to force the issue so I put:
$conf['HTTP_X_FORWARDED_PROTO'] = 'https';
if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) {
  $_SERVER['HTTPS'] = 'on';
  $_SERVER['SERVER_PORT'] = '443';
}
However this did not work.
Does anybody know if we can "hard" set environment variables for example:
$_SERVER['SERVER_PORT'] != 443)
or
(set $conf['HTTP_X_FORWARDED_PROTO'] = 'https';)
keep digging.
Offline
"Does the Piwigo PHP environment (without any of your changes) actually see these values, specifically $_SERVER['HTTPS'] as on?"
Yes
$_SERVER['HTTPS'] on
$_SERVER['HTTP_CLUSTER_HTTPS'] on
$_SERVER['REQUEST_SCHEME'] http
$_SERVER['SERVER_PORT'] 80
---------------
I used this in functions_url.inc.php
if ($with_scheme)
{
  $is_https = false;
  if ((isset($_SERVER['HTTPS']) &&
      ((strtolower($_SERVER['HTTPS']) == 'on') or ($_SERVER['HTTPS'] == 1)))
      || (isset($_SERVER['HTTP_CLUSTER_HTTPS']) &&
      strtolower($_SERVER['HTTP_CLUSTER_HTTPS']) == 'on'))
  {
    $is_https = true;
    $url .= 'https://';
however: 2 photos can not be regenerated
Offline
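Added example, not part of any post in this thread and not Piwigo's own code: a PHP helper that reports which server variable decides the HTTPS question, run against the values reported in the post above. `detect_https()` and its `$trustedHeaders` parameter are hypothetical names. With `HTTPS` already `on`, adding `HTTP_CLUSTER_HTTPS` to the condition cannot change the outcome, and `HTTP_*` values, which are copied from request headers, are consulted only when the operator knows the load balancer overwrites them.

```php
<?php
// Added illustration; detect_https() is a hypothetical helper, not a Piwigo function.

/**
 * Decide whether the original client request used HTTPS and report which
 * server variable decided it. $trustedHeaders lists proxy-set variables that
 * the load balancer is known to overwrite on every request (an assumption the
 * operator has to confirm with the host).
 */
function detect_https(array $server, array $trustedHeaders = []): array
{
    // 1. Native signal: set by Apache/mod_ssl, or by the platform as in this thread.
    if (isset($server['HTTPS'])) {
        $v = strtolower((string) $server['HTTPS']);
        if ($v === 'on' || $v === '1') {
            return ['https' => true, 'source' => 'HTTPS'];
        }
    }
    // 2. Proxy-set request headers. Anything named HTTP_* comes from the
    //    request itself, so only names explicitly trusted are consulted.
    foreach ($trustedHeaders as $name) {
        if (!isset($server[$name])) {
            continue; // absent header: no PHP notice, no decision
        }
        $v = strtolower(trim((string) $server[$name]));
        if ($v === 'on' || $v === 'https') {
            return ['https' => true, 'source' => $name];
        }
    }
    // 3. Last resort: the port the backend itself listens on.
    if (isset($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === 443) {
        return ['https' => true, 'source' => 'SERVER_PORT'];
    }
    return ['https' => false, 'source' => null];
}

// Values reported in the thread for the live site.
$live = ['HTTPS' => 'on', 'HTTP_CLUSTER_HTTPS' => 'on',
         'REQUEST_SCHEME' => 'http', 'SERVER_PORT' => '80'];
// Constructed case: a backend that receives only the cluster header.
$headerOnly = ['HTTP_CLUSTER_HTTPS' => 'on', 'SERVER_PORT' => '80'];

var_dump(detect_https($live, ['HTTP_CLUSTER_HTTPS']));
var_dump(detect_https($headerOnly, ['HTTP_CLUSTER_HTTPS']));
var_dump(detect_https($headerOnly)); // cluster header not in the trusted list
```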
Hello
I figured out what was going on and I have marked this as solved.
The lack of thumbnails and it working on a non ssl host while failing on the same host set to ssl led me to believe the semi popular? "root url is construct using HTTP_X_FORWARDED_HOST but is ignoring the scheme" or related was responsible.
However I was ignorant of the big picture. I have Piwigo installed in a sub-directory under WordPress. I had thought I had isolated the piwigo sub-directory from the WP rewrites, I missed some mod_alias.c security directives. Once that rule was disabled all works now.
I'm sorry for all my confusion and what I see now were self red-herrings, this has been an educational experience for a new Piwigo user.
Thank you erAck and everyone, have a wonderful day.
Offline