Hi there,
we are using Syncope in Docker containers and are facing a strange issue. We
are not quite sure if it is caused by our Apache server configuration or an
internal Syncope issue.
Syncope Version is 3.0.2
When the link for a password reset is clicked, the first request is of course an
HTTPS request which our Apache routes to the enduser container. Then a redirect
occurs which is an HTTP request and has an integer (a counter?) as first
parameter. I assume this is done by Syncope. This request is then again
redirected by our Apache server to port 443.
In principle everything works, but the insecure HTTP request is forbidden in our
environment and stops the whole process.
Are there any additional instructions in the reverse proxy configuration which
are necessary for this to work?
Here is the relevant server log:
- my.domain.de:443 192.168.0.51 - [24/Apr/2023:08:56:02 +0200] "GET /syncope-enduser/confirmpasswordreset?token=8kA1tw8sN...QEWNHL HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"
- my.domain.de:80 192.168.0.51 - [24/Apr/2023:08:56:03 +0200] "GET /syncope-enduser/confirmpasswordreset?2&token=8kA1tw8sN...QEWNHL HTTP/1.1" 302 602 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"
- my.domain.de:443 192.168.0.51 - [24/Apr/2023:08:56:03 +0200] "GET /syncope-enduser/confirmpasswordreset?2&token=8kA1tw8sN...QEWNHL HTTP/1.1" 200 12738 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"
The reverse proxy configuration contains amongst others already the following
lines:
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
RequestHeader set X-Forwarded-SSL expr=%{HTTPS}
RequestHeader set Sec-Fetch-Dest: "document"
RequestHeader set Sec-Fetch-Mode: "navigate"
RequestHeader set Sec-Fetch-Site: "none"
ProxyPreserveHost On
Any help would be appreciated.
Kind regards
Timo
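
Added example, not part of the original message: a Python check over access-log lines in the layout shown above that flags requests carrying the reset token on a non-TLS port and records whether they followed a redirect issued on port 443. The sample lines and the token placeholder are constructed, and the function and field names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Layout: vhost:port client ident [timestamp] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'(?P<vhost>[\w.-]+):(?P<port>\d+) (?P<client>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def find_plaintext_token_requests(lines, param="token", tls_port=443):
    """Return requests that carried `param` in the query string on a non-TLS port."""
    last_by_client = {}  # client -> (port, status, path) of its previous request
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an access-log line in the expected layout
        port, status = int(m["port"]), int(m["status"])
        url = urlsplit(m["target"])
        prev = last_by_client.get(m["client"])
        if param in parse_qs(url.query) and port != tls_port:
            # True when the same client was just sent a 3xx for this path over TLS
            redirected = (prev is not None and prev[0] == tls_port
                          and 300 <= prev[1] < 400 and prev[2] == url.path)
            findings.append({
                "time": m["ts"],
                "client": m["client"],
                "vhost": m["vhost"],
                "port": port,
                "path": url.path,  # query string omitted so the token is not copied
                "after_tls_redirect": redirected,
            })
        last_by_client[m["client"]] = (port, status, url.path)
    return findings

# Constructed sample in the same layout as the log above; the token is a placeholder.
_P = "/syncope-enduser/confirmpasswordreset"
_T = "[24/Apr/2023:08:56:0%d +0200]"
SAMPLE = [
    f'- my.domain.de:443 192.168.0.51 - {_T % 2} "GET {_P}?token=PLACEHOLDER HTTP/1.1" 302 - "-" "UA"',
    f'- my.domain.de:80 192.168.0.51 - {_T % 3} "GET {_P}?2&token=PLACEHOLDER HTTP/1.1" 302 602 "-" "UA"',
    f'- my.domain.de:443 192.168.0.51 - {_T % 3} "GET {_P}?2&token=PLACEHOLDER HTTP/1.1" 200 12738 "-" "UA"',
]

if __name__ == "__main__":
    for finding in find_plaintext_token_requests(SAMPLE):
        print(finding)
```
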