devfake/flox

Reverse Proxy Support

Protinon opened this issue · 4 comments

I had trouble getting Flox to run using a reverse proxy, especially over https. I'm not a php developer but I did some researching and found a solution that worked for me. The documentation says it introduces a security risk so I feel there should be a better solution. Has anyone else run into this issue?

Here's an article on the Laravel website that explains the issue. On that article they mention an external php package (fideloper/proxy) that allows for easy configuration of trusted proxies. I haven't tried setting that up because I'm not familiar enough with php.

The solution I had success with is mentioned on this page. I added the following code to public/index.php and it loaded successfully. I tried replacing 'REMOTE_ADDR' with '127.0.0.1' but that didn't work.

Request::setTrustedProxies(
    ['REMOTE_ADDR'],
    Request::HEADER_X_FORWARDED_PROTO
);

Hey, I have the same problem. But I can't get it to work. I tried adding

Request::setTrustedProxies(
    ['REMOTE_ADDR'],
    Request::HEADER_X_FORWARDED_PROTO
);

to my index.php, but I just get the error:

Undefined class constant 'HEADER_X_FORWARDED_PROTO'Uncaught Error: Call to a member function send() on bool in /var/www/html/backend/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php:123 Stack trace: #0 /var/www/html/backend/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(100): Illuminate\Foundation\Bootstrap\HandleExceptions->renderHttpResponse(Object(Symfony\Component\Debug\Exception\FatalThrowableError)) #1 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleException(Object(Symfony\Component\Debug\Exception\FatalThrowableError)) #2 {main} thrown

Any help would be greatly appreciated

@calgara12 Did you import the namespace for the Request class?

\Symfony\Component\HttpFoundation\Request::setTrustedProxies(
  ['REMOTE_ADDR'],
  \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
);

So I have this working but have not made a PR since I lack the knowledge (and local setup on Windows) on how to make it configurable from the .env file.

To get this working you should be able to copy what's in this branch master...D3v01dZA:test

All that's required is to activate the middleware, it seems that it is already required by composer somewhere (I think laravel requires it by default but I'm not certain).

Edit: Its normally not advised to use * for the trusted proxies :)

So I use nginx and php7.4-fpm and I was able to fix this issue ( assets not loading because they are using http ) by adding a

fastcgi_param HTTPS on

To my php block, ie:

location ~ \.php$ {
  # ...
  fastcgi_param HTTPS on
  # ...
}