Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-98254

X-Forwarded-* headers are not being honored when main.servlet.https.required is set to true

    Details

      Description

      Description
      When the portal property: main.servlet.https.required is set to true, X-Forwarded-* headers are not being honored, which may result in improper redirects.

      Also, the portal property: portal.proxy.path is not being accounted for as well, for the resulting redirects.

      Steps to Reproduce

      1. Setup a proxy server with SSL Offloading
        • Sample httpd-vhosts.conf (Apache Httpd)
          <VirtualHost *:443>
              ProxyPreserveHost On
          
              SSLEngine on
              SSLCertificateFile "/usr/local/apache2/conf/dummy-server.crt"
              SSLCertificateKeyFile "/usr/local/apache2/conf/dummy-server.key"
          
              RequestHeader set X-Forwarded-Proto https
          
              ProxyPass /liferay http://172.17.0.1:8080
              ProxyPassReverse /liferay http://172.17.0.1:8080
          </VirtualHost>
          
          • Accommodate SSLCertificateFile and SSLCertificateKeyFile accordingly
          • Replace 172.17.0.1 with the IP address to your Liferay instance
      2. Configure Liferay to work with the proxy server
        • Sample portal-ext.properties:
          web.server.https.port=443
          web.server.protocol=https
          portal.proxy.path=/liferay
          
          web.server.forwarded.protocol.enabled=true
          
      3. Startup Liferay and Apache Httpd
      4. Navigate to https://[PROXY-SERVER-IP]/liferay
        • Replace [PROXY-SERVER-IP] with your proxy server's IP
      5. Notice that Liferay loads as expected
      6. Modify portal-ext.properties to include main.servlet.https.required:
        web.server.https.port=443
        web.server.protocol=https
        portal.proxy.path=/liferay
        
        web.server.forwarded.protocol.enabled=true
        main.servlet.https.required=true
        
      7. Restart Liferay
      8. Navigate to https://[PROXY-SERVER-IP]/liferay
        • Replace [PROXY-SERVER-IP] with your proxy server's IP

      Expected Result: The redirect should occur successfully and the portal can be accessed.
      Actual Result: Error message appears in the browser, due to improper redirects.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 2 days ago

                Packages

                Version Package
                7.1.10 DXP FP13
                7.1.X
                7.2.10 DXP FP1
                7.2.X
                7.2.1 CE GA2
                Master