opensocial osapi endpoint url protocol and https reverse proxy
When running Nuxeo 5.6 behind an https reverse proxy, the generated opensocial container osapi endpoint URLs (opensocial/social/rpc, opensocial/gadgets/api/rpc) do not appear to be generated with the correct https protocol. As a result, I see HTTP Error 500 entries in the log. Should I open a JIRA for this?
Did you play with the nuxeo.loopback.url or nuxeo.url parameters into your nuxeo.conf ?
See here : http://doc.nuxeo.com/x/QQA7
 |
Benjamin Jalon
Member (18.8K) 5 7 5 |
07/05/2013 ( History) |
In https://github.com/nuxeo/nuxeo-distribution/blob/5.6.0/nuxeo-distribution-resources/src/main/resources/templates-common-dm/common/config/opensocial-container.js, there are numerous uris/urls defined that are not BaseUris/BaseUrls. Most of these uris/urls contain references to %host% and some to %protocol%, both of which might be problematic in a reverse proxy scenario. Do you agree?
The specific issue with the two above urls may result from the fact that they have hard-coded "http" protocol references instead of %protocol%. In my scenario, if they referenced %protocol%, they might be able to loopback thru the reverse proxy and resolve although this does not seem desirable.
The fix for https://issues.apache.org/jira/browse/SHINDIG-1884 seems quite relevant here. Should I open a Nuxeo JIRA to implement a similar fix in 5.6 by replacing http://%host%/ with //%host%/?