Project

General

Profile

Actions

Defect #19834

closed

Login shows internal host/IP to internet public

Added by Jorge S. almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

When setting Require Authentication under Authentication, when you log out, you are redirected to login page, whose URL is:

https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2Ftracker.intranet.xxxx.com.ar%2F

In another installation, I see also:

https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2F192.168.1.4%2F

(The private IP).

It must be noted that BOTH installations run with Nginx as Reverse Proxy.

In my case, Nginx is listening on port 80 and based on the host redirects to my server which has Apache2 + Redmine working.

Actions #1

Updated by Jorge S. almost 9 years ago

nginx config:

server {
listen 80;

server_name
tracker.xxxx.com.ar;
location / {
proxy_pass http://192.168.1.4:8080;
}
}
Actions #2

Updated by Jorge S. almost 9 years ago

  • Status changed from New to Resolved

It seems to be a misconfiguration of nginx:

location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}

Actions #3

Updated by Jean-Philippe Lang almost 9 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid

Thanks for the feedback.

Actions

Also available in: Atom PDF