Defect #13077

redirect to wrong back_url behind Apache reverse proxy

Added by Mathias Walter over 4 years ago. Updated over 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution:Invalid Affected version:2.2.2

Description

I've configured my Apache proxy exactly as described in http://www.redmine.org/projects/redmine/wiki/HowTo_Install_Redmine_in_a_sub-URI#With-a-reverse-proxy but Redmine redirects to a wrong URL by removing the path "/redmine". Hence, I cannot login and use the system. It works well with the local domain.

That happens after migration from 1.4 to the latest version 2.2.2 and seem to be independent of the 'Settings->General->Host name and path'.

It does not help either, if I change the environment.rb and set any combination of Redmine::Utils::relative_url_root or ActionController::Base.relative_url_root.

I also tried to enable/disable the browsers referer options but it didn't help.

Environment:

Rails 3.2.11
Ruby 1.9.3-p374
Redmine 2.2.2 r11293

Settings->General->Host name and path:

subdomain.domain.tld/redmine

Proxy config:
ProxyPass /redmine http://localserver:3000/
ProxyPassReverse /redmine http://localserver:3000/

Now, the requested URL

http://subdomain.domain.tld/redmine
changes to
http://subdomain.domain.tld/login?back_url=http%3A%2F%2Fsubdomain.domain.tld%2F


Related issues

Related to Redmine - Defect #12102: Installed Redmine in a sub-URI: Links are generated not c... New

History

#1 Updated by Mathias Walter over 4 years ago

The internal web server was used and redmine was started with ./script/rails server -e production

log entry:

Started GET "/" for xxx.xxx.xxx.xxx at 2013-02-04 15:02:33 +0100
Processing by WelcomeController#index as HTML
  Current user: anonymous
Redirected to http://subdomain.domain.tld/login?back_url=http%3A%2F%2Fsubdomain.domain.tld%2F
Filter chain halted as :check_if_login_required rendered or redirected
Completed 302 Found in 6ms (ActiveRecord: 1.5ms)

#2 Updated by Mathias Walter over 4 years ago

I've updated from Redmine 1.2, not from 1.4.

#3 Updated by Etienne Massip over 4 years ago

  • Status changed from New to Closed
  • Priority changed from Urgent to Normal
  • Resolution set to Invalid

This is mostly support request, neither a bug or feature request.

Configuring Redmine on a relative root is a bit tricky with Redmine 2.x and you have to define a scope for routes.

Basically, adding RedmineApp::Application.routes.default_scope = '/redmine' should help you, see #12102#note-1.

#4 Updated by Mathias Walter over 4 years ago

Just for the records:

Since I didn't get it to work with the internal Webrick server (even if I set RedmineApp::Application.routes.default_scope), I switched to Thin and changed the configuration according to Teddy's comment (#12102-12) and with config.asset_path = '/redmine%s'.

Then I gave Puma a try. Unfortunately, Puma does not support a prefix parameter. Hence I changed the config.ru according to #12102-13.

Now it works like a charm.

The wiki document HowTo_Install_Redmine_in_a_sub-URI whould be updated to Redmine 2.x configuration.

#5 Updated by Anonymous over 4 years ago

I had the same problem. To reproduce this:

  1. Sign in
  2. Click the sign out. This should produce a URL like this: http://domain.tld/login?back_url=http%253A%252F%252Fdomain.tld%252F
    1. Notice that the back_url is essentially escaped twice.
  3. Sign in again. You are now authenticated according to the logs but the redirect fails and you don't go anywhere
  4. Refreshing the page brings you to the default page (my_page_path)

A simple fix for this was to unescape twice the back url in ApplicationController::redirect_back_or_default. Change
back_url = params[:back_url].to_s
to
back_url = CGI.unescape(CGI.unescape(params[:back_url].to_s))

#6 Updated by Ryan J over 3 years ago

This is possibly an Apache issue. I have no idea how to make it work properly though.

Explanation from Atlassian
Possibly related Apache bug

Also available in: Atom PDF