NUKIB/misp

Instructions as written don't work without reverse https proxy

Closed this issue · 1 comments

This looks really great! My issue is - as written, I don't think the instructions work without a reverse proxy, as opposed to needing to set one up for production use. If I follow the intro instructions, when you log in with the default credentials I see a redirect to https://localhost - which of course then fails.

If you set 'force_https' as false in config.php this lets you log in successfully, but I don't think this is the right answer - I think a better solution would be to suggest deploying a reverse proxy from the outset/adding a possible reverse proxy config?

I'm going to try this for my own instance, look forward to seeing this develop - if it would be helpful I could propose a reverse proxy config?

ondj commented

Hello. Reverse proxy is not necessary for testing, just for production when you want to use HTTPS. So I fixed that problem, Security.force_https is not set to true when MISP_BASEURL env variable starts with https://.

Please feel free to reopen when it still doesn't work.