(Github says that bug reports shouldn’t be posted there, so I’m posting here instead)
Issue: when running LibreNMS (1.69) behind a reverse proxy which accepts HTTPS (and sets X-Forwarded-Proto), most of the links within the page, such as for CSS and Javacsript assets, are https as expected. However the <base href="... > link in the <head> section of the page is still http://.
The following fixes it for me:
--- LibreNMS/Config.php.orig 2021-01-11 11:09:04.389482310 +0000
+++ LibreNMS/Config.php 2021-01-11 12:31:56.310535655 +0000
@@ -404,6 +404,9 @@
private static function processConfig()
{
// If we're on SSL, let's properly detect it
+ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
+ $_SERVER['HTTPS'] = 'on';
+ }
if (isset($_SERVER['HTTPS'])) {
self::set('base_url', preg_replace('/^http:/', 'https:', self::get('base_url')));
}
I didn’t submit a pull request because I’m no PHP expert, and know nothing about Laravel, so there may be a better way to fix this.
Aside: I’m not really sure what the base_url is being used for anyway. In the top-level config.php, if I set
$config['base_url'] = "http://librenms.example.net/";
then the login page does contain the element
<base href="http://librenms.example.net/" />
However, all the CSS and Javascript links still contain the absolute links using whatever hostname the client provided as the Host: header, which overrides this. So there doesn’t seem to be much point in setting base_url in the first place.
Regards,
Brian.