Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#11193] - Enable Proxy and Force SSL problems

?
avatar jo-sf
jo-sf
19 Jul 2016

With the current Joomla code (I think it came first with Joomla 3.6) there exists a check whether the server can be accessed via HTTPS (see administrator/components/com_config/model/application.php). This works fine if you don't have a proxy configured (for certificate problems see PR #11189).

But if you configured a proxy and this proxy is enabled you're probably no longer able to activate HTTPS either for the backend or for the entire site. Whether this still works depends upon whether this proxy allows to be contacted by the server where Joomla runs and to serve pages from this server. In most cases this will not be the case.

If you need a proxy within your Joomla setup and if you want to activate HTTPS you currently need to follow this procedure:

  • disable the proxy
  • save configuration
  • activate HTTPS (administrator only/entire site)
  • save configuration
  • enable the proxy
  • save configuration

I checked whether any internal option exists für curl (libraries/joomla/http/transport/curl.php) that allows to disable using a configured proxy for a single request but I didn't find any. Maybe such an option would help in making the HTTPS activation easier when a proxy is configured.

Votes

# of Users Experiencing Issue
1/1
Average Importance Score
3.00
avatar jo-sf jo-sf - open - 19 Jul 2016
avatar andrepereiradasilva
andrepereiradasilva - comment - 19 Jul 2016

i think that change was made in this PR https://github.com/joomla/joomla-cms/pull/9584/files. please check

avatar andrepereiradasilva
andrepereiradasilva - comment - 19 Jul 2016

i can't test this, but i think you could make add a check if proxy enabled to bypass HTTPS check in that scenario.
something like

&& (int) JFactory::getConfig()->get('proxy_enable', '0') !== 1

in https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_config/model/application.php#L122

avatar jo-sf
jo-sf - comment - 19 Jul 2016

@andrepereiradasilva

PR #9584 which is by the way already merged into the current code contains the code that checks whether HTTPS is available when "Force SSL" shall be enabled. But this PR doesn't deal with the fact that a proxy might be set in the global configuration.

I don't think it is a good idea to disable the HTTPS check as you suggested if a proxy is set. I more thought of a way to disable using the proxy if it is set, and this would mean the following change:

administrator/components/com_config/model/application.php, line 130:
currently:

$options->set('transport.curl', array(CURLOPT_SSL_VERIFYPEER => false));

new:

$options->set('transport.curl', array(CURLOPT_SSL_VERIFYPEER => false, CURLOPT_PROXY => null, CURLOPT_PROXYUSERPWD => null));

In the file libraries/joomla/http/transport/curl.php it is first checked whether a proxy is configured (lines 170 ff.), and later on all custom transport options passed in "transport.curl" will be added to the curl options array (lines 183 ff.). In doing so the CURLOPT_PROXY and CURLOPT_PROXYUSERPWD settings will both be overwritten with NULL which effectively disables using the proxy server configured.

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11193.

avatar andrepereiradasilva
andrepereiradasilva - comment - 19 Jul 2016

if that works good. fine by me

avatar jo-sf jo-sf - reference | 1bbafc5 - 19 Jul 16
avatar jo-sf
jo-sf - comment - 19 Jul 2016

I moved the code change suggested above to PR #11189 since having configured a proxy might also cause the HTTPS check to fail.

avatar andrepereiradasilva
andrepereiradasilva - comment - 19 Jul 2016

ok please close this issue as we already have a PR.

avatar jo-sf jo-sf - close - 19 Jul 2016
avatar jo-sf jo-sf - change - 19 Jul 2016
Status New Closed
Closed_Date 0000-00-00 00:00:00 2016-07-19 14:45:26
Closed_By jo-sf

Add a Comment

Login with GitHub to post a comment