Details
-
Bug
-
Resolution: Invalid
-
High
-
5.4.10
Description
If eZ Publish uses Varnish and additional node for processing SSL connections then images URI contains wrong protocol (http:// instead of https://).
Environment configuration:
- Option 1 (same as customer configuration)
- haproxy - process SSL connection, "unpacks" it and forward HTTP request to Varnish
- Varnish - process HTTP request, deliver cached content or if MISS sends request backed
- Apache2 - vhost for eZ Publish, configured for HTTP connections
- Option 2 (created for additional test)
- Apache2 - vhost for processing HTTPS requests, listen on 443 port, has configured proxy to Varnish. "Unpacks" HTTPS request and forward it to Varnish.
- Varnish - process HTTP request, deliver cached content or if MISS sends request backed
- Apache2 - vhost for eZ Publish, configured for HTTP connections
Steps to reproduce:
- Configure environment in accordance with instruction above
- Go to https://ip:port of your haproxy/Apache2 (SSL) node
All images served by the new stack won't be loaded. If you take a look at page source, you can see that every image has URI starting with *http://*.
Images served by legacy (if any) will be loaded normally because they have relative URIs.
Additional information:
- IORepositoryResolver::getBaseUrl() - in this case returns URL with *http://*
(https://github.com/ezsystems/ezpublish-kernel-ee/blob/v5.4.10/eZ/Bundle/EzPublishCoreBundle/Imagine/IORepositoryResolver.php#L162-L187). In general, this behavior is correct, because in fact there is HTTP request, but later it is "packed" back to HTTPS by haproxy.