Newer browsers block mixed content on HTTPS pages. The Drupal install system generates HTTP URLs when the site is accessed through a reverse proxy, even when the reverse proxy uses HTTPS and reverse proxy settings have been configured in settings.php. The installation fails to complete because it depends on JavaScript for batch processing.

CommentFileSizeAuthor
#7 2609076-7.patch3.69 KBalexpott
#7 2-7-interdiff.txt4.18 KBalexpott
#2 install-https-reverse-proxy-2609076.patch1.02 KBdarren oh

Comments

Darren Oh created an issue. See original summary.

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
StatusFileSize
new install-https-reverse-proxy-2609076.patch1.02 KB
darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
Assigned: darren oh » Unassigned
Status: Active » Needs review
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Issue tags: +Needs manual testing
StatusFileSize
new 2-7-interdiff.txt4.18 KB
new 2609076-7.patch3.69 KB

I also think we need to do a little bit more to have everything covered.

Something like the patch attached.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Priority: Critical » Major
Issue tags: +rc target

Discussed with @catch - we feel that this is only a major (that we'd like to fix before release) because it requires that you are using a reverse proxy, https and the web installer. Probably not a common situation.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented

The real issue here is that the installer is not handling the request through the kernel and requires refactoring to do that. It would be a massive amount of work and not something we're going to attempt before D8 release.

cilefen’s picture

cilefen commented

As a workaround, this may help. You can set environment variables in Apache, for example, by having the proxy send X-Forwarded-Proto = https:

# This helps applications behind a proxy know that the pages
# were originally requested over https

SetEnvIf X-Forwarded-Proto https HTTPS=on
darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
Status: Needs review » Reviewed & tested by the community

The patch attached to #7 works. Just to be clear, there is no need to wait for the massive amount of work required to get the installer to handle requests through the kernel. Both of the patches attached to this issue fix the way the installer handles requests now.

catch’s picture

catch
he/him
Primary language English
commented
Status: Reviewed & tested by the community » Fixed

Committed/pushed to 8.0.x, thanks!

  • catch committed 9fb76ea on 8.0.x 
    Issue #2609076 by alexpott, Darren Oh: Install failure with HTTPS...

  • catch committed 9fb76ea on 8.1.x 
    Issue #2609076 by alexpott, Darren Oh: Install failure with HTTPS...
isntall’s picture

isntall commented

This one bit me with nginx and php-fpm.
After trying to install head I still was getting mixed content warnings from Firefox, and thus no theme.
This fixed it for me on nginx

fastcgi_param HTTPS $https;

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.