A quick follow up here: On Wed, Dec 14, 2005 at 05:29:18PM -0800, Bill Moseley wrote: > I'm running Trac behind a reverse proxy on an ssl machine, but with a > minor problem. Anyone else doing this? Any solutions? > > > I have a project setup on an internal machine available as: > > http://inside.machine:81/project/trac.cgi > > On the outside SSL Apache machine I have: > > > ProxyPass /project/ http://inside.machine:81/project/ > ProxyPassReverse /project/ http://inside.machine:81/project/ > > So a request to the outside machine is proxied: > > https://outside.server/project/trac.cgi > --> http://inside.machine:81/project/trac.cgi > > > > Normally, this works fine as long as any Location: header returned by > the inside server matches the ProxyPassReverse line, Apache will > rewrite the Location: header for the browser.[1] > > > The problem is Trac is sending an HTTP Location: header like: > > Location: http://outside.server/project/trac.cgi/wiki/TestPage > > Which drops the https scheme.
Makes me wonder why web servers don't provide the scheme as well as the host name in the X-Forwarded- headers. The problem, of course, is if you are only running an https server then Trac is redirecting to a non-existent server. My solution was to run a non-ssl server and then redirect to the https server. I'm running Trac 0.9.2-1 on Debian sid. Is there a config option to set the scheme or the base url? It was suggested I try "base_url" in trac.ini, and I can find some reference to in in svn, but it's not listed in the docs. I'm not sure that would work in my case, either, because the trac install can be accessed internally or externally via the https proxy. I would probably argue that the application shouldn't have to look at X-Forwarded-Host headers, and instead have the proxy server deal with rewriting addresses. That's what Apache's ReversPassReverse config option is for. Another comment is that there's other ways to prevent double-posting than issuing a http redirect after a post. But there are times when redirects are required, of course. -- Bill Moseley [EMAIL PROTECTED] _______________________________________________ Trac mailing list [email protected] http://lists.edgewall.com/mailman/listinfo/trac
