Skip to content

Commit 1ed8d9e

Browse files
committed
Fix APP_FULL_BASE_URL to work behind reverse proxies.
1 parent eff8e27 commit 1ed8d9e

6 files changed

Lines changed: 47 additions & 2 deletions

File tree

backend/config/app.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@
113113
'webroot' => 'webroot',
114114
'wwwRoot' => WWW_ROOT,
115115
//'baseUrl' => env('SCRIPT_NAME'),
116-
'fullBaseUrl' => false,
116+
'fullBaseUrl' => env('APP_FULL_BASE_URL', false),
117117
'imageBaseUrl' => 'img/',
118118
'cssBaseUrl' => 'css/',
119119
'jsBaseUrl' => 'js/',

backend/example.env

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,15 @@ CAPS_CDS='Testing'
3232
# default:
3333
# READONLY=''
3434

35+
# Optional administrator Bearer token. Both variables are required and the
36+
# configured user must already exist in CAPS.
37+
# CAPS_ADMIN_TOKEN='replace-with-a-long-random-token'
38+
# CAPS_ADMIN_TOKEN_USER='admin'
39+
40+
# Public URL used to generate absolute links and redirects. Configure this in
41+
# production when TLS is terminated by a reverse proxy.
42+
# APP_FULL_BASE_URL='https://caps.example.org'
43+
3544
# Connection information used by the ORM to connect
3645
# to your application's datastores.
3746
#

docker/README.md

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,29 @@ To start the container, you can run
88
```bash
99
sudo docker-compose up
1010
```
11+
12+
## HTTPS reverse proxies
13+
14+
When CAPS is published through an HTTPS reverse proxy, set its public URL in
15+
`caps.env` so that CakePHP generates HTTPS redirects and absolute links:
16+
17+
```env
18+
APP_FULL_BASE_URL=https://caps.example.org
19+
```
20+
21+
Replace `caps.example.org` with the public hostname, without a trailing slash.
22+
The reverse proxy should also preserve the original host and scheme. For
23+
example, with nginx:
24+
25+
```nginx
26+
proxy_set_header Host $host;
27+
proxy_set_header X-Forwarded-Proto $scheme;
28+
proxy_set_header X-Forwarded-Port $server_port;
29+
```
30+
31+
Restart the CAPS container after changing `caps.env`. Existing installations
32+
should also clear CakePHP's cache with `bin/cake cache clear_all`.
33+
1134
For later updates, use
1235
```bash
1336
sudo docker-compose up --build

docker/app.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@
7979
'dir' => 'src',
8080
'webroot' => 'webroot',
8181
'wwwRoot' => WWW_ROOT,
82-
'fullBaseUrl' => false,
82+
'fullBaseUrl' => env('APP_FULL_BASE_URL', false),
8383
'imageBaseUrl' => 'img/',
8484
'cssBaseUrl' => 'css/',
8585
'jsBaseUrl' => 'js/',

docker/caps.env.template

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,10 @@ CAPS_VERIFY_CERT=true
3131
# Name of the degree
3232
CAPS_CDS=Matematica
3333

34+
# Public URL used to generate absolute links and redirects. Set this when CAPS
35+
# is served through an HTTPS reverse proxy.
36+
# APP_FULL_BASE_URL=https://caps.example.org
37+
3438
# Use this to automatically set up an SSH port forwarding for
3539
# accessing the LDAP server through a different host. Public key
3640
# authentication needs to be set-up, using a key made available

example.env

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,15 @@ CAPS_USERS_PASSWD="admin:admin,user:user"
5151
# CAPS_ADMIN=''
5252
CAPS_ADMINS='admin'
5353

54+
# Optional administrator Bearer token. The user must already exist in CAPS.
55+
# Generate a token with: openssl rand -hex 32
56+
# CAPS_ADMIN_TOKEN='replace-with-a-long-random-token'
57+
# CAPS_ADMIN_TOKEN_USER='admin'
58+
59+
# Public URL used to generate absolute links and redirects. Configure this in
60+
# production when TLS is terminated by a reverse proxy.
61+
# APP_FULL_BASE_URL=https://caps.example.org
62+
5463
# Connection information used by the ORM to connect
5564
# to your application's datastores.
5665
#

0 commit comments

Comments
 (0)