From e2dc15774fd1e9eadd1c119a486e26b9af95c3de Mon Sep 17 00:00:00 2001 From: andryyy Date: Thu, 9 Mar 2017 10:48:04 +0100 Subject: [PATCH] Fix u2f with nginx rp --- data/web/inc/prerequisites.inc.php | 3 +-- data/web/u2f_api.php | 5 ++--- docs/first_steps.md | 2 ++ 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php index ffa1eac6..b5f150fc 100644 --- a/data/web/inc/prerequisites.inc.php +++ b/data/web/inc/prerequisites.inc.php @@ -26,8 +26,7 @@ require_once 'inc/lib/Yubico.php'; // U2F API require_once 'inc/lib/U2F.php'; -$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://"; -$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']); +$u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']); // PDO $dsn = "$database_type:host=$database_host;dbname=$database_name"; diff --git a/data/web/u2f_api.php b/data/web/u2f_api.php index 634757ce..cd3a4ab6 100644 --- a/data/web/u2f_api.php +++ b/data/web/u2f_api.php @@ -3,8 +3,7 @@ require_once('inc/prerequisites.inc.php'); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ); -$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://"; -$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']); +$u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']); function getRegs($username) { global $pdo; @@ -154,4 +153,4 @@ Action:
} ?> - \ No newline at end of file + diff --git a/docs/first_steps.md b/docs/first_steps.md index 5b5211f1..91cfb581 100644 --- a/docs/first_steps.md +++ b/docs/first_steps.md @@ -83,6 +83,7 @@ HTTP_PORT=8080 HTTPS_PORT=127.0.0.1 HTTPS_PORT=8443 ``` +** IMPORTANT: Do not use port 8081 ** Recreate affected containers by running `docker-compose up -d`. @@ -125,6 +126,7 @@ server { location / { proxy_pass http://127.0.0.1:8080/; proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;