#1 2018-12-03 08:54:21

pert
Member
2016-02-14
9

Login doesn't work properly under https

Hi,
after updating to the latest version of Piwigo login doesn't work using https.

I've run Piwigo without any problems for 2 years. Recently, I installed a Let's
Encrypt certificate and started using https on my site.

When logging in to Piwigo I get the following error message:

Säker anslutning misslyckades

Ett fel uppstod under anslutning till mysite.com:80. SSL mottog en post som överskred den maximalt tillåtna längden. Felkod: SSL_ERROR_RX_RECORD_TOO_LONG

    Sidan du försöker se kan inte visas eftersom autenticiteten för mottagen data inte kan verifieras.
    Kontakta webbplatsens ägare och informera dem om detta problem.

My translation:

Secure connection failed

An error occurred on connecting to mysite.com:80. SSL received a post that exceeded the maximal length allowed. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I contacted the support on my web hotel and got the following answer:

My translation:
It seems a timeout occurs on the page for some reason. Apparently, the page is trying to load through port 80 when you're running HTTPS. The port for SSL is 443; if you change it to make the page run through port 443 instead, it should work ...

This seems to be a bug in Piwigo. How do I proceed to get things working?

BTW, if I go back to the previous page, I find Piwigo welcoming me as logged in ...

Piwigo version: latest (cannot find the number anywhere!) Your home page suggests 2.9.4 ...
PHP version: 5.3.29
MySQL version: 5.5

Yours,
Per Tunedal


#2 2018-12-03 21:56:24

erAck
Only trying to help
2015-09-06
1998

Re: Login doesn't work properly under https

Piwigo works fine over https.

Problem can be on your client side if you're on Windows and some odd software constellation, worst some AntiVirus snake oil hijacking your TLS connection but not able to handle TLS 1.3, then disable its https scanning. Or rather, disable it anyway because it's stupid to install a Man-In-The-Middle.

Other than that, problem is more likely on the server side: Something on your site is forcing https to port 80, which it shouldn't. Check your httpd.conf <VirtualHost> sections, also the server of course must listen to all ports given there for the correct protocol. Make sure it hands out TLS 1.2 (best not TLS 1.0 and not TLS 1.1). Or ask your hosting provider if all that is out of your reach. You can try if already the handshake fails using

Code:

openssl s_client -connect yourdomain.tld:443

and watch the output. (Just press Ctrl+D if successful and it's waiting for further input). You can force TLS 1.2 with the -tls1_2 option to that command.

Oh and btw, your PHP 5.3.29 is way old and outdated. Better upgrade to 7.1


Running Piwigo at https://erack.net/gallery/


#3 2018-12-05 08:19:42

pert
Member
2016-02-14
9

Re: Login doesn't work properly under https

Hi,
first I followed your advice and updated PHP to 7.1.21

Then I turned off "scan https" in my antivirus on one box. It didn't help - besides, the error occurs on other boxes, tablets and phones too.

I ran the command
openssl s_client -connect yourdomain.tld:443

and got a satisfactory reply.

Then I turned to my hotel (Binero), as I have co-hosting and thus haven't got any access to the settings for the web server. They were not helpful (although they have a slogan, "Sweden's most friendly web hotel").

My translation:
"As the problem is based in the code, we cannot support you. We recommend contacting a web developer for further assistance."

Thus I contacted one, my son, and he found the problem, but so far not any obvious solution:

My translation:
"It's easy to see what's broken, but not to see who's to blame.

Binero has configured their environment in a way that gives PHP the following data:

     $_SERVER['HTTPS'] = 'on'
     $_SERVER['SERVER_PORT'] = 80

Piwigo interprets this as an instruction to use HTTPS over port 80 (in the function get_absolute_root_url() in include/functions_url.inc.php, which is called from identification.php) and makes a redirect to "https://mydomain.com:80/my_piwigo_folder/"."


#4 2018-12-06 10:12:42

pert
Member
2016-02-14
9

Re: Login doesn't work properly under https

Hi, my son found a solution:

My translation:

"I've created two files in
~/mydomain.com/public_html – first (the hidden) ".user.ini":

   ; Fix SERVER_PORT so that redirects in Piwigo work.
   auto_prepend_file = /storage/content/96/******/mydomain.com/public_html/https_port_fix.php

... and second, "https_port_fix.php":

   <?php
   // Fix SERVER_PORT so that redirects in Piwigo work.
   $_SERVER['SERVER_PORT'] = 443;
   $_SERVER['HTTPS'] = 'on';

The fix makes the PHP snippet above load first in every PHP script and fixes the settings so that Piwigo doesn't get confused.
Reference: http://php.net/manual/en/ini.core.php#i … epend-file

BTW, there was a bug report and discussion about this in Piwigo a while ago (it's not just Binero that has a bit of a strange configuration):

[Github] Piwigo issue #681"

This workaround solved the problem. Maybe it would be a good idea to put some information in some help file/installation instructions for Piwigo?
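
A conditional variant of the prepend file above, as an added example that is not part of the original post or of Piwigo's code: the posted workaround sets HTTPS and port 443 on every request, while this one corrects only the HTTPS-on/port-80 mismatch described in this thread and leaves all other requests untouched. The helper example_root_url() is hypothetical, the sample environments are constructed, and PHP 7.0 or later is assumed.

```php
<?php
// Conditional variant of https_port_fix.php (added example, not from the thread).
// Loaded via auto_prepend_file in .user.ini, like the original workaround.

// Return the $_SERVER overrides for one request. Only the mismatch reported in
// this thread is corrected: HTTPS flagged on while SERVER_PORT is still 80.
function https_port_overrides(array $server): array
{
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    $port  = (int) ($server['SERVER_PORT'] ?? 0);
    if ($https !== '' && $https !== 'off' && $port === 80) {
        return ['SERVER_PORT' => 443];
    }
    // Plain HTTP or an already consistent port: change nothing, so a
    // cleartext request is never presented to the application as HTTPS.
    return [];
}

// Hypothetical helper (not Piwigo's get_absolute_root_url()): build the root
// URL from the corrected values, leaving out the scheme's default port.
function example_root_url(array $server, string $path): string
{
    $server = array_merge($server, https_port_overrides($server));
    $https  = strtolower((string) ($server['HTTPS'] ?? ''));
    $secure = $https !== '' && $https !== 'off';
    $port   = (int) ($server['SERVER_PORT'] ?? 0);
    $url    = ($secure ? 'https' : 'http') . '://' . $server['SERVER_NAME'];
    if ($port !== 0 && $port !== ($secure ? 443 : 80)) {
        $url .= ':' . $port;
    }
    return $url . $path;
}

// Apply the correction to the live request.
foreach (https_port_overrides($_SERVER) as $key => $value) {
    $_SERVER[$key] = $value;
}

// Constructed sample environments, printed only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        ['HTTPS' => 'on', 'SERVER_PORT' => 80,   'SERVER_NAME' => 'mydomain.com'],
        ['HTTPS' => 'on', 'SERVER_PORT' => 8443, 'SERVER_NAME' => 'mydomain.com'],
        ['SERVER_PORT' => 80, 'SERVER_NAME' => 'mydomain.com'],
    ];
    foreach ($samples as $sample) {
        echo example_root_url($sample, '/my_piwigo_folder/'), PHP_EOL;
    }
}
```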


#5 2018-12-06 17:07:45

erAck
Only trying to help
2015-09-06
1998

Re: Login doesn't work properly under https

Many thanks to you and your son!

I added this workaround to the GitHub issue [Github] Piwigo issue #681

Your "web hotel" is somewhat funny though.. on one hand they configure such that even with https over port 443 the server port is said to be port 80, on the other hand they tell you that "the port for SSL is 443, if you change to make the page run through port 443 instead, it should work". Maybe due to odd reverse proxy settings or some oversight on their side that when a Let's Encrypt certificate is added and SSL https enabled also VirtualHost and ports may need to be adapted in httpd.conf. Maybe you want to point them to https://stackoverflow.com/a/15192717 ;-)


Running Piwigo at https://erack.net/gallery/


#6 2018-12-07 09:54:13

pert
Member
2016-02-14
9

Re: Login doesn't work properly under https

Hi,
I've got the following reply from Binero:

My translation:

"Due to having a load balancing environment, all calls to the load balancing are made over port 443. However, internally on the web server calls are made over port 80; that's why the variables have different values. This is the reason why you cannot reach the page by https://yourdomain.com:80/your_piwigo_folder/; it should be https://yourdomain.com:443/your_piwigo_folder/.

It's great you've found a solution to the problem. I will forward this; we'll see if we can write this down somewhere to the benefit of others with similar problems."


#7 2019-03-11 12:01:25

jemostrom
Member
2015-04-29
32

Re: Login doesn't work properly under https

Thanks a lot, I have the same problem (your customer number is visible)

Last edited by jemostrom (2019-03-11 12:08:22)


#8 2020-10-28 10:59:58

MDN
Member
2020-10-25
4

Re: Login doesn't work properly under https

Hi,

Apparently the issue is still there. And it's not just with logging in.

E-mails sent to users also use the :80 in the link, so they do not work at all.

The first thing I noticed though was that newly added images were all broken when pages load for the first time, but then appear fine after refreshing the page. This applies to album covers, galleries with half of the images broken, the photo pages themselves, and images/thumbnails in the admin panel (like when uploading new files) all show a broken image icon.

While everything appears fine after refreshing all pages one by one the first time, that's probably just the local cache I'm seeing. When changing the image or thumbnail size .. it's all broken yet again.

One user also mentioned the Android App not showing images over HTTPS.

So first I tried the auto prepend solution mentioned here and that did nothing for me:
[Github] Piwigo issue #681

Then I tried the 'functions_url.inc.php' modification and this did fix all of the issues above:
[Github] Piwigo issue #982

But of course what happens when updating Piwigo? I may have to do it again or it might not work at all the next time. I think it would be best if a configuration option was added to Piwigo natively (as mentioned in the comments on GitHub).

It may be a thing with many hosting providers around the planet, because the users that end up mentioning it in the forum are likely only a very small percentage.

Cheers,
M

