Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not A Problem
-
3.1.2
-
None
-
None
-
Debian jessie, openmeetings 3.1.2 cluster configuration three servers
Openmeetings 3.1.2 https proxyed with lighttpd
Openmeetings 5080 port is listen localhost
Description
Hi,
We've redirected 443 port and protocol https to 5080 port in localhost. We've used lighttpd proxy module and the openmeeting is running ok (http headers include X-Forwarded-For and X-Forwarded-Proto).
We are using moodle integration with openmeetings with https protocol and 443 port.
When we try go into room from moodle, browser request:
/GET /openmeetings/swf?&secureHash=b43151fb-de26-45e0-b833-d74565dcad13&scopeRoomId=11&language=8 HTTP/1.0
Host: cvom.unex.es
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://xxx.com/zonauex/evuex/mod/openmeetings/view.php?id=321072
Cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxx
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 158.49.197.173
X-Host: xxx.com
X-Forwarded-Proto: https
And openmeeting response redirect to http:
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Path=/openmeetings/; HttpOnly
Date: Fri, 30 Sep 2016 08:20:48 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store
Location: http://xxx.com/openmeetings/swf?secureHash=b43151fb-de26-45e0-b833-d74565dcad13&scopeRoomId=11&language=8&protocol=https&host=xxx.com&port=443&context=openmeetings
Content-Length: 0
Connection: close
I've found this old ticket: https://mail-archives.apache.org/mod_mbox/openmeetings-user/201507.mbox/%3CBLU436-SMTP207B0A2B5185C994D8BB9C4D49F0@phx.gbl%3E
is related to same problem, but the patch is applied from version 3.0.7 so I don't know is the same problem.
This problem blocks room access when users are using recent browsers, though they disable https protection.
Thanks by advance