[TYPO3-english] Connection problem - pagetree not rendered - https - load balancing

Wed Jan 20 18:33:32 CET 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hey there.

First things first:
The file „localconf.php“ is outdated, the „typo3conf/LocalConfiguration.php“ would be the current position, using a slightly different format.
But in general, the LocalConfiguration is *not* the place where you want to have environment specific configuration since those are likely to only are true for your production environment but not for staging or development.
That would be „typo3conf/AdditionalConfiguration.php“ according to TYPO3 default includes or „typo3conf/EnvironmentConfiguration.php“ according to some suggestions you find on google.

And now for setting up the HTTPS proxy part.

At first you should make sure if your proxy connects to your web server via IPv4 or IPv6. Having „::1“ as allow rule for proxy processing ist most certainly not enough, that’s like the IPv6 version of „127.0.0.1“ for IPv4. So that’s not an actual proxy setup for IPv6 and no proxy setup at all for IPv4.
Find the IP address your proxy server use as source to connect to your web server.
Since you have two front facing proxy servers, you will end up having a list of two IP addresses. Use the „comma“ sign to combine them together. That’s your „proxy source“.

Usual setups have a private IPv4 range for connecting proxy servers and web servers, like 192.168.0.5 for the web server, 192.168.0.10 and 192.168.0.11 for the proxy. In this scenario, the web server itself does not have a public IP address but the proxy servers have. The proxy servers are configured to to access 192.168.0.5 as backend resource.
This would result in „192.168.0.10,192.168.0.11“ as your proxy source string, since those exact IP addresses are expected to be the source for proxied requests.
Of course those numbers are an example, your setup will differ slightly.

The second step is to make those IP addresses known to TYPO3 as sources for proxy requests.
You need to put that proxy source into the "$GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP‘]“.

As a third step, you need to tell TYPO3 those proxy servers are meant to use HTTPS to clients, even tough they use HTTP to connect to your web server.
The easiest way is to set $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL‘] to „*", which tells TYPO3 to use all reverseProxyIP as reverseProxySSL as well.

That should do the trick.

My guess: You skipped the last step.

Regards,

Am 20.01.16 12:27 schrieb "typo3-english-bounces at lists.typo3.org im Auftrag von Roberto Demontis" <typo3-english-bounces at lists.typo3.org im Auftrag von r.demontis at neatec.it>:

>Hi Raj,
>
>"The solution" was to keep only autentication page in https and leave backend.php in http. So, I haven't solved the original problem really, but only found a way to avoid it.
>For my purpose it's sufficient that backend user credentials are posted encrypted. The rest of the web site could be in clear.
>
>Roberto
>
Stephan Schuler
Web-Entwickler | netlogix Web Solutions

Telefon: +49 (911) 539909 - 0
E-Mail: Stephan.Schuler at netlogix.de
Web: websolutions.netlogix.de

netlogix GmbH & Co. KG
IT-Services | IT-Training | Web Solutions
Neuwieder Straße 10 | 90411 Nürnberg
Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
E-Mail: info at netlogix.de | Web: http://www.netlogix.de

netlogix GmbH & Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA 13338)
Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB 20634)
Umsatzsteuer-Identifikationsnummer: DE 233472254
Geschäftsführer: Stefan Buchta, Matthias Schmidt

_______________________________________________
>TYPO3-english mailing list
>TYPO3-english at lists.typo3.org
>http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.2 (Build 15917)
Charset: utf-8

wpUDBQFWn8Ttpp0IwsibV8MBCATXA/42NNBzt9IuspoFGsqERElPr/Sk//laDQ38
e1XkFAjKUxKnxZcCBRn1R++hN75NPKAAPDXpKgDkw6PM9I0f6RCei/duwuhBJ3ko
o0xwZzldoYm1yVKlmCJXGb+gErCbovr/ZqXZ/Ws6hjkZ/5mPyolRbP8Zrt/ZeFye
jW05Wf9G9g==
=N6uE
-----END PGP SIGNATURE-----