What does it actually do? When it’s on, I get a redirecting error when trying to connect to my nextcloud at cloud.example.com, but with it off, it seems like I can’t connect to NC using http anyway? Am I misunderstanding what it does?

Thanks!

  • loganb@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    If my understanding of how “force SSL” works for most proxies, it just simply issues a HTTP 300 redirect message for all http traffic coming in on port 80. It then sends everything to port 443 https.

    Do you get a 502 when you try to connect with the force SSL turned off? It might me less of an issue with SSL and more that your proxy is not pointing to the right host / port of your nextcloud server.

    • 🅱🅴🅿🅿🅸@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      When I connect with it off, I am able to connect. If I use https://cloud… It connects, when I use http://cloud… The address bar changes to https and connects like normal.

      It just feels weird using it with force SSL off, as if even though I’m always connecting with https I’m still leaking passwords

      • Sndr@feddit.nl
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        “Force SSL” forces your browser to redirect http://example.com to https://example.com, it doesn’t “force” SSL into the connection. As long as you’re connecting through HTTPS, the traffic is encrypted.

        If your browser redirects you from http to https after you turn off Force SSL, there could be two things going on, both related to caching:

        1. You turned on HSTS previously and that’s still cached in your browser.
        2. The http->https redirect is still cached.

        You can check both of these by clearing your browser cache for example.com (or in general).

        • 🅱🅴🅿🅿🅸@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Thanks for the reply, yeah that’s what I thought it was meant to do, sorry for the confusion

          Do you have any idea why setting it on would lead to “this page isn’t redirecting properly” in firefox?

          • redcalcium@lemmy.institute
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Usually it’s due to the webapp not knowing that the request is actually already served under https by the reverse proxy, it think the request is still served over http so it issues a redirect to https, which leads to a redirect loop.

              • redcalcium@lemmy.institute
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I’m not sure what happened in your setup, but here is how https handling should works:

                • users request https://example.com to your reverse proxy
                • reverse proxy pass the requests to upstream server, but using http instead. It also add HTTP_X_FORWARDED_PROTO header to let the upstream server know that even though the request is over http, the end user actually served over https so it should assume the connection as https
                • the upstream server return a response, it take into accounts that the request is already done via https (e.g. generating links with https:// prefix, etc).

                I think this chain is broken somewhere in your setup and cause nextcloud to not receive the HTTP_X_FORWARDED_PROTO header from nginx proxy.