Discussion:
[mantisbt-dev] Mantis not working behind a reverse-proxy
Louis BAYLE
2014-10-18 21:43:47 UTC
Permalink
Is there a 'good patch' to fix this realy problematic bug in Mantis ?

The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.

http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333

Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com
Paul Richards
2014-10-18 21:55:17 UTC
Permalink
Are you able to test if the situation is any better with 1.3-dev?



If this is an absolute vs relative link type issue, (which I’m guessing it is) I’m not sure if the situation is improved in 1.3



Paul



From: Louis BAYLE [mailto:***@gmail.com]
Sent: 18 October 2014 22:44
To: developer discussions
Subject: [mantisbt-dev] Mantis not working behind a reverse-proxy



Is there a 'good patch' to fix this realy problematic bug in Mantis ?

The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.


http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333



Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com <mailto:***@gmail.com>
Louis BAYLE
2014-10-18 22:16:29 UTC
Permalink
Yes, I can install a mantis 1.3-dev on our server and test it.

I'm not sure I'll have time to do that next week, but I'll let you know.

Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by Paul Richards
Are you able to test if the situation is any better with 1.3-dev?
If this is an absolute vs relative link type issue, (which I’m guessing it
is) I’m not sure if the situation is improved in 1.3
Paul
*Sent:* 18 October 2014 22:44
*To:* developer discussions
*Subject:* [mantisbt-dev] Mantis not working behind a reverse-proxy
Is there a 'good patch' to fix this realy problematic bug in Mantis ?
The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.
http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333
Louis BAYLE
Tel: +33 (0)4.42.604.734
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
P Richards
2014-10-18 23:06:56 UTC
Permalink
If I’m correct about what the issue is likely to be, the problem might actually be ‘worse’ in 1.3-dev – however unless I’m mistaken here:



Unless you are saying that the INTERNAL and EXTERNAL path to mantis is different, it should be a case of setting $g_path to the final path:



$g_path = $t_protocol . '://' . $t_host . $t_path;



i.e.



if you have mantis listening on http, with a loadbalancing reverse proxy in front running https, whilst Mantis will detect http://www.foo.com, if you set



$g_path = https://www.foo.com in the config file that should work I believe.





If you are saying that you use http://mantis.internal and www.foo.org <http://www.foo.org> depending on whether users are internal or external to the corporate network, then this might be more of an issue.



Looking at the code, we seem to generate a mixture of absolute and relative links within a page in both 1.2 and 1.3 – the $g_path fix should be fine for the reverse proxy case, however, the absolute links will need to go to deal with the split-dns case.



Paul





From: Louis BAYLE [mailto:***@gmail.com]
Sent: 18 October 2014 23:16
To: developer discussions
Subject: Re: [mantisbt-dev] Mantis not working behind a reverse-proxy



Yes, I can install a mantis 1.3-dev on our server and test it.

I'm not sure I'll have time to do that next week, but I'll let you know.




Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com <mailto:***@gmail.com>



On Sat, Oct 18, 2014 at 11:55 PM, Paul Richards <***@blueyonder.co.uk <mailto:***@blueyonder.co.uk> > wrote:

Are you able to test if the situation is any better with 1.3-dev?



If this is an absolute vs relative link type issue, (which I’m guessing it is) I’m not sure if the situation is improved in 1.3



Paul



From: Louis BAYLE [mailto: <mailto:***@gmail.com> ***@gmail.com]
Sent: 18 October 2014 22:44
To: developer discussions
Subject: [mantisbt-dev] Mantis not working behind a reverse-proxy



Is there a 'good patch' to fix this realy problematic bug in Mantis ?

The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.


http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333



Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com <mailto:***@gmail.com>
Louis BAYLE
2014-10-19 08:26:42 UTC
Permalink
In deed, we have mantis listening internal on http://172.x.x.x and
accessible on the external with https://88.x.x.x (the reverse-proxy).

I'm fine if users access only via https, that's what I did for CodevTT.
I'll try the $g_path patch asap.



Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by P Richards
If I’m correct about what the issue is likely to be, the problem might
Unless you are saying that the INTERNAL and EXTERNAL path to mantis is
$g_path = $t_protocol . '://' . $t_host . $t_path;
i.e.
if you have mantis listening on http, with a loadbalancing reverse proxy
in front running https, whilst Mantis will detect http://www.foo.com, if
you set
$g_path = https://www.foo.com in the config file that should work I believe.
If you are saying that you use http://mantis.internal and www.foo.org
depending on whether users are internal or external to the corporate
network, then this might be more of an issue.
Looking at the code, we seem to generate a mixture of absolute and
relative links within a page in both 1.2 and 1.3 – the $g_path fix should
be fine for the reverse proxy case, however, the absolute links will need
to go to deal with the split-dns case.
Paul
*Sent:* 18 October 2014 23:16
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
Yes, I can install a mantis 1.3-dev on our server and test it.
I'm not sure I'll have time to do that next week, but I'll let you know.
Louis BAYLE
Tel: +33 (0)4.42.604.734
On Sat, Oct 18, 2014 at 11:55 PM, Paul Richards <
Are you able to test if the situation is any better with 1.3-dev?
If this is an absolute vs relative link type issue, (which I’m guessing it
is) I’m not sure if the situation is improved in 1.3
Paul
*Sent:* 18 October 2014 22:44
*To:* developer discussions
*Subject:* [mantisbt-dev] Mantis not working behind a reverse-proxy
Is there a 'good patch' to fix this realy problematic bug in Mantis ?
The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.
http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333
Louis BAYLE
Tel: +33 (0)4.42.604.734
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Louis BAYLE
2014-10-19 08:29:16 UTC
Permalink
also, I had to hardcode the path in the login confirmation email, as there
is no way for mantis to know the external URL.

Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by Louis BAYLE
In deed, we have mantis listening internal on http://172.x.x.x and
accessible on the external with https://88.x.x.x (the reverse-proxy).
I'm fine if users access only via https, that's what I did for CodevTT.
I'll try the $g_path patch asap.
Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by P Richards
If I’m correct about what the issue is likely to be, the problem might
Unless you are saying that the INTERNAL and EXTERNAL path to mantis is
$g_path = $t_protocol . '://' . $t_host . $t_path;
i.e.
if you have mantis listening on http, with a loadbalancing reverse proxy
in front running https, whilst Mantis will detect http://www.foo.com, if
you set
$g_path = https://www.foo.com in the config file that should work I believe.
If you are saying that you use http://mantis.internal and www.foo.org
depending on whether users are internal or external to the corporate
network, then this might be more of an issue.
Looking at the code, we seem to generate a mixture of absolute and
relative links within a page in both 1.2 and 1.3 – the $g_path fix should
be fine for the reverse proxy case, however, the absolute links will need
to go to deal with the split-dns case.
Paul
*Sent:* 18 October 2014 23:16
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
Yes, I can install a mantis 1.3-dev on our server and test it.
I'm not sure I'll have time to do that next week, but I'll let you know.
Louis BAYLE
Tel: +33 (0)4.42.604.734
On Sat, Oct 18, 2014 at 11:55 PM, Paul Richards <
Are you able to test if the situation is any better with 1.3-dev?
If this is an absolute vs relative link type issue, (which I’m guessing
it is) I’m not sure if the situation is improved in 1.3
Paul
*Sent:* 18 October 2014 22:44
*To:* developer discussions
*Subject:* [mantisbt-dev] Mantis not working behind a reverse-proxy
Is there a 'good patch' to fix this realy problematic bug in Mantis ?
The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.
http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333
Louis BAYLE
Tel: +33 (0)4.42.604.734
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
P Richards
2014-10-19 10:25:09 UTC
Permalink
In what bit of the generated email?
function string_get_confirm_hash_url( $p_user_id, $p_confirm_hash ) {

$t_path = config_get( 'path' );

return $t_path . 'verify.php?id=' . string_url( $p_user_id ) . '&confirm_hash=' . string_url( $p_confirm_hash );

}

We always make use of config_get(‘path’) to get the value



Paul



From: Louis BAYLE [mailto:***@gmail.com]
Sent: 19 October 2014 09:29
To: developer discussions
Subject: Re: [mantisbt-dev] Mantis not working behind a reverse-proxy



also, I had to hardcode the path in the login confirmation email, as there is no way for mantis to know the external URL.




Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com <mailto:***@gmail.com>



On Sun, Oct 19, 2014 at 10:26 AM, Louis BAYLE <***@gmail.com <mailto:***@gmail.com> > wrote:

In deed, we have mantis listening internal on http://172.x.x.x and accessible on the external with https://88.x.x.x (the reverse-proxy).

I'm fine if users access only via https, that's what I did for CodevTT. I'll try the $g_path patch asap.






Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com <mailto:***@gmail.com>



On Sun, Oct 19, 2014 at 1:06 AM, P Richards <***@mantisforge.org <mailto:***@mantisforge.org> > wrote:

If I’m correct about what the issue is likely to be, the problem might actually be ‘worse’ in 1.3-dev – however unless I’m mistaken here:



Unless you are saying that the INTERNAL and EXTERNAL path to mantis is different, it should be a case of setting $g_path to the final path:



$g_path = $t_protocol . '://' . $t_host . $t_path;



i.e.



if you have mantis listening on http, with a loadbalancing reverse proxy in front running https, whilst Mantis will detect http://www.foo.com, if you set



$g_path = https://www.foo.com in the config file that should work I believe.





If you are saying that you use http://mantis.internal and www.foo.org <http://www.foo.org> depending on whether users are internal or external to the corporate network, then this might be more of an issue.



Looking at the code, we seem to generate a mixture of absolute and relative links within a page in both 1.2 and 1.3 – the $g_path fix should be fine for the reverse proxy case, however, the absolute links will need to go to deal with the split-dns case.



Paul





From: Louis BAYLE [mailto:***@gmail.com <mailto:***@gmail.com> ]
Sent: 18 October 2014 23:16
To: developer discussions
Subject: Re: [mantisbt-dev] Mantis not working behind a reverse-proxy



Yes, I can install a mantis 1.3-dev on our server and test it.

I'm not sure I'll have time to do that next week, but I'll let you know.




Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com <mailto:***@gmail.com>



On Sat, Oct 18, 2014 at 11:55 PM, Paul Richards <***@blueyonder.co.uk <mailto:***@blueyonder.co.uk> > wrote:

Are you able to test if the situation is any better with 1.3-dev?



If this is an absolute vs relative link type issue, (which I’m guessing it is) I’m not sure if the situation is improved in 1.3



Paul



From: Louis BAYLE [mailto: <mailto:***@gmail.com> ***@gmail.com]
Sent: 18 October 2014 22:44
To: developer discussions
Subject: [mantisbt-dev] Mantis not working behind a reverse-proxy



Is there a 'good patch' to fix this realy problematic bug in Mantis ?

The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.


http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333



Louis BAYLE
Tel: +33 (0)4.42.604.734
***@gmail.com <mailto:***@gmail.com>


------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
mantisbt-***@lists.sourceforge.net <mailto:mantisbt-***@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Louis BAYLE
2014-10-21 10:55:48 UTC
Permalink
I applied the pache descriped in issue 13056.
This patch works "a little" : most URLs are correct, there are bad urls
when a user disconnects and reconnects on a page that is not the root
https://host/mantis.

The email pb is because the patch sets $gpath to empty string. Therefore,
string_get_confirm_hash_url cannot return a complete URL.

-----------------
patch applied form 13056:


Mantis\config_inc.php
line 13
// modif proxy
$g_path = '';
$t_url = '';

Mantis\core\string_api.php
line 292
//return $t_path . '/' . $t_script . $t_query . $t_anchor;
// modif proxy
return $t_path . $t_script . $t_query . $t_anchor;

Mantis\core\helper_api.php
line 482
//return config_get_global( 'short_path' ) . $p_url;
// modif proxy
return $p_url;

Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by P Richards
In what bit of the generated email?
function string_get_confirm_hash_url( $p_user_id, $p_confirm_hash ) {
$t_path = config_get( 'path' );
return $t_path . 'verify.php?id=' . string_url( $p_user_id
) . '&confirm_hash=' . string_url( $p_confirm_hash );
}
We always make use of config_get(‘path’) to get the value
Paul
*Sent:* 19 October 2014 09:29
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
also, I had to hardcode the path in the login confirmation email, as there
is no way for mantis to know the external URL.
Louis BAYLE
Tel: +33 (0)4.42.604.734
In deed, we have mantis listening internal on http://172.x.x.x and
accessible on the external with https://88.x.x.x (the reverse-proxy).
I'm fine if users access only via https, that's what I did for CodevTT.
I'll try the $g_path patch asap.
Louis BAYLE
Tel: +33 (0)4.42.604.734
If I’m correct about what the issue is likely to be, the problem might
Unless you are saying that the INTERNAL and EXTERNAL path to mantis is
$g_path = $t_protocol . '://' . $t_host . $t_path;
i.e.
if you have mantis listening on http, with a loadbalancing reverse proxy
in front running https, whilst Mantis will detect http://www.foo.com, if
you set
$g_path = https://www.foo.com in the config file that should work I believe.
If you are saying that you use http://mantis.internal and www.foo.org
depending on whether users are internal or external to the corporate
network, then this might be more of an issue.
Looking at the code, we seem to generate a mixture of absolute and
relative links within a page in both 1.2 and 1.3 – the $g_path fix should
be fine for the reverse proxy case, however, the absolute links will need
to go to deal with the split-dns case.
Paul
*Sent:* 18 October 2014 23:16
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
Yes, I can install a mantis 1.3-dev on our server and test it.
I'm not sure I'll have time to do that next week, but I'll let you know.
Louis BAYLE
Tel: +33 (0)4.42.604.734
On Sat, Oct 18, 2014 at 11:55 PM, Paul Richards <
Are you able to test if the situation is any better with 1.3-dev?
If this is an absolute vs relative link type issue, (which I’m guessing it
is) I’m not sure if the situation is improved in 1.3
Paul
*Sent:* 18 October 2014 22:44
*To:* developer discussions
*Subject:* [mantisbt-dev] Mantis not working behind a reverse-proxy
Is there a 'good patch' to fix this realy problematic bug in Mantis ?
The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.
http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333
Louis BAYLE
Tel: +33 (0)4.42.604.734
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Paul Richards
2014-10-21 11:54:08 UTC
Permalink
Ok,

What I think I meant was:

a) don't apply that patch
b) set $g_path to external path ( assuming that it's a split ip type thing
- i.e. same internal and external name but the IP changes

So for example:

bugs.company.com on internal network AD dns goes to 172.16.1.20
bugs.company.com on external DNS points to 88.88.88.88
88.88.88.88 is running some load balance (e.g. kemp or whatever) that is
set up to forward/reverse-proxy traffic hitting 88.888.888.88 to 172.16.1.20

In the above scenario, it should only be required to set $g_path and make
no changes to the mantis code base. [By default we try and calculate the
ip etc which could give weird results]


The other scenario would be:

bugs.company.internaldomain on internal network goes to 172.16.1.20
bugs.company.com on external dns points to 88.88.88.88

In this case, I'd be inclined to put a short code block in config_inc.php
that does effectively:


if(preg_match('/^(10|192|172)\./', $_SERVER['REMOTE_ADDR']))
{
$g_path = 'bugs.company.internal.domain';
} else {
$g_path = 'bugs.company.com';
}

I don't believe it should be required to make any changes to the Mantis
Codebase for either of these scenarios to work.

Paul
Post by Louis BAYLE
I applied the pache descriped in issue 13056.
This patch works "a little" : most URLs are correct, there are bad urls
when a user disconnects and reconnects on a page that is not the root
https://host/mantis.
The email pb is because the patch sets $gpath to empty string. Therefore,
string_get_confirm_hash_url cannot return a complete URL.
-----------------
Mantis\config_inc.php
line 13
// modif proxy
$g_path = '';
$t_url = '';
Mantis\core\string_api.php
line 292
//return $t_path . '/' . $t_script . $t_query . $t_anchor;
// modif proxy
return $t_path . $t_script . $t_query . $t_anchor;
Mantis\core\helper_api.php
line 482
//return config_get_global( 'short_path' ) . $p_url;
// modif proxy
return $p_url;
Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by P Richards
In what bit of the generated email?
function string_get_confirm_hash_url( $p_user_id, $p_confirm_hash ) {
$t_path = config_get( 'path' );
return $t_path . 'verify.php?id=' . string_url(
$p_user_id ) . '&confirm_hash=' . string_url( $p_confirm_hash );
}
We always make use of config_get(‘path’) to get the value
Paul
*Sent:* 19 October 2014 09:29
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
also, I had to hardcode the path in the login confirmation email, as
there is no way for mantis to know the external URL.
Louis BAYLE
Tel: +33 (0)4.42.604.734
In deed, we have mantis listening internal on http://172.x.x.x and
accessible on the external with https://88.x.x.x (the reverse-proxy).
I'm fine if users access only via https, that's what I did for CodevTT.
I'll try the $g_path patch asap.
Louis BAYLE
Tel: +33 (0)4.42.604.734
If I’m correct about what the issue is likely to be, the problem might
Unless you are saying that the INTERNAL and EXTERNAL path to mantis is
$g_path = $t_protocol . '://' . $t_host . $t_path;
i.e.
if you have mantis listening on http, with a loadbalancing reverse proxy
in front running https, whilst Mantis will detect http://www.foo.com, if
you set
$g_path = https://www.foo.com in the config file that should work I believe.
If you are saying that you use http://mantis.internal and www.foo.org
depending on whether users are internal or external to the corporate
network, then this might be more of an issue.
Looking at the code, we seem to generate a mixture of absolute and
relative links within a page in both 1.2 and 1.3 – the $g_path fix should
be fine for the reverse proxy case, however, the absolute links will need
to go to deal with the split-dns case.
Paul
*Sent:* 18 October 2014 23:16
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
Yes, I can install a mantis 1.3-dev on our server and test it.
I'm not sure I'll have time to do that next week, but I'll let you know.
Louis BAYLE
Tel: +33 (0)4.42.604.734
On Sat, Oct 18, 2014 at 11:55 PM, Paul Richards <
Are you able to test if the situation is any better with 1.3-dev?
If this is an absolute vs relative link type issue, (which I’m guessing
it is) I’m not sure if the situation is improved in 1.3
Paul
*Sent:* 18 October 2014 22:44
*To:* developer discussions
*Subject:* [mantisbt-dev] Mantis not working behind a reverse-proxy
Is there a 'good patch' to fix this realy problematic bug in Mantis ?
The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.
http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333
Louis BAYLE
Tel: +33 (0)4.42.604.734
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Louis BAYLE
2014-10-23 10:45:48 UTC
Permalink
The first solution did it !
Post by Paul Richards
set $g_path to external path
Mantis is not accessible on the internal, but I don't care, that's the
perfect solution for me !

thank you,
Louis

Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by Paul Richards
Ok,
a) don't apply that patch
b) set $g_path to external path ( assuming that it's a split ip type thing
- i.e. same internal and external name but the IP changes
bugs.company.com on internal network AD dns goes to 172.16.1.20
bugs.company.com on external DNS points to 88.88.88.88
88.88.88.88 is running some load balance (e.g. kemp or whatever) that is
set up to forward/reverse-proxy traffic hitting 88.888.888.88 to 172.16.1.20
In the above scenario, it should only be required to set $g_path and make
no changes to the mantis code base. [By default we try and calculate the
ip etc which could give weird results]
bugs.company.internaldomain on internal network goes to 172.16.1.20
bugs.company.com on external dns points to 88.88.88.88
In this case, I'd be inclined to put a short code block in config_inc.php
if(preg_match('/^(10|192|172)\./', $_SERVER['REMOTE_ADDR']))
{
$g_path = 'bugs.company.internal.domain';
} else {
$g_path = 'bugs.company.com';
}
I don't believe it should be required to make any changes to the Mantis
Codebase for either of these scenarios to work.
Paul
Post by Louis BAYLE
I applied the pache descriped in issue 13056.
This patch works "a little" : most URLs are correct, there are bad urls
when a user disconnects and reconnects on a page that is not the root
https://host/mantis.
The email pb is because the patch sets $gpath to empty string. Therefore,
string_get_confirm_hash_url cannot return a complete URL.
-----------------
Mantis\config_inc.php
line 13
// modif proxy
$g_path = '';
$t_url = '';
Mantis\core\string_api.php
line 292
//return $t_path . '/' . $t_script . $t_query . $t_anchor;
// modif proxy
return $t_path . $t_script . $t_query . $t_anchor;
Mantis\core\helper_api.php
line 482
//return config_get_global( 'short_path' ) . $p_url;
// modif proxy
return $p_url;
Louis BAYLE
Tel: +33 (0)4.42.604.734
Post by P Richards
In what bit of the generated email?
function string_get_confirm_hash_url( $p_user_id, $p_confirm_hash ) {
$t_path = config_get( 'path' );
return $t_path . 'verify.php?id=' . string_url(
$p_user_id ) . '&confirm_hash=' . string_url( $p_confirm_hash );
}
We always make use of config_get(‘path’) to get the value
Paul
*Sent:* 19 October 2014 09:29
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
also, I had to hardcode the path in the login confirmation email, as
there is no way for mantis to know the external URL.
Louis BAYLE
Tel: +33 (0)4.42.604.734
In deed, we have mantis listening internal on http://172.x.x.x and
accessible on the external with https://88.x.x.x (the reverse-proxy).
I'm fine if users access only via https, that's what I did for CodevTT.
I'll try the $g_path patch asap.
Louis BAYLE
Tel: +33 (0)4.42.604.734
If I’m correct about what the issue is likely to be, the problem might
Unless you are saying that the INTERNAL and EXTERNAL path to mantis is
$g_path = $t_protocol . '://' . $t_host . $t_path;
i.e.
if you have mantis listening on http, with a loadbalancing reverse proxy
in front running https, whilst Mantis will detect http://www.foo.com,
if you set
$g_path = https://www.foo.com in the config file that should work I believe.
If you are saying that you use http://mantis.internal and www.foo.org
depending on whether users are internal or external to the corporate
network, then this might be more of an issue.
Looking at the code, we seem to generate a mixture of absolute and
relative links within a page in both 1.2 and 1.3 – the $g_path fix should
be fine for the reverse proxy case, however, the absolute links will need
to go to deal with the split-dns case.
Paul
*Sent:* 18 October 2014 23:16
*To:* developer discussions
*Subject:* Re: [mantisbt-dev] Mantis not working behind a reverse-proxy
Yes, I can install a mantis 1.3-dev on our server and test it.
I'm not sure I'll have time to do that next week, but I'll let you know.
Louis BAYLE
Tel: +33 (0)4.42.604.734
On Sat, Oct 18, 2014 at 11:55 PM, Paul Richards <
Are you able to test if the situation is any better with 1.3-dev?
If this is an absolute vs relative link type issue, (which I’m guessing
it is) I’m not sure if the situation is improved in 1.3
Paul
*Sent:* 18 October 2014 22:44
*To:* developer discussions
*Subject:* [mantisbt-dev] Mantis not working behind a reverse-proxy
Is there a 'good patch' to fix this realy problematic bug in Mantis ?
The patch I applied to our installation does not work very well.
IMHO this is realy a critical bug.
http://www.mantisbt.org/bugs/view.php?id=13056
http://www.mantisbt.org/bugs/view.php?id=9333
Louis BAYLE
Tel: +33 (0)4.42.604.734
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Loading...