opensocial osapi endpoint url protocol and https reverse proxy

When running Nuxeo 5.6 behind an https reverse proxy, the generated opensocial container osapi endpoint URLs (opensocial/social/rpc, opensocial/gadgets/api/rpc) do not appear to be generated with the correct https protocol. As a result, I see HTTP Error 500 entries in the log. Should I open a JIRA for this?

0 votes

2 answers

3750 views

ANSWER



Did you play with the nuxeo.loopback.url or nuxeo.url parameters into your nuxeo.conf ?

See here : http://doc.nuxeo.com/x/QQA7

0 votes



rg1
I believe the code generating these two specific opensocial urls does not use the nuxeo.loopback.url setting.

In https://github.com/nuxeo/nuxeo-distribution/blob/5.6.0/nuxeo-distribution-resources/src/main/resources/templates-common-dm/common/config/opensocial-container.js, there are numerous uris/urls defined that are not BaseUris/BaseUrls. Most of these uris/urls contain references to %host% and some to %protocol%, both of which might be problematic in a reverse proxy scenario. Do you agree?

The specific issue with the two above urls may result from the fact that they have hard-coded "http" protocol references instead of %protocol%. In my scenario, if they referenced %protocol%, they might be able to loopback thru the reverse proxy and resolve although this does not seem desirable.

The fix for https://issues.apache.org/jira/browse/SHINDIG-1884 seems quite relevant here. Should I open a Nuxeo JIRA to implement a similar fix in 5.6 by replacing http://%host%/ with //%host%/?

07/15/2013

Yes, please create a ticket and add an answer with link to the ticket. Thanks for your feedback.
07/17/2013


See bug NXP-12054

0 votes