Prestashop, Docker, Reverse Proxy Apache and SSL

General Discussions
, ,
1

I’m migrating a Prestashop portal to Docker, at the moment with the same version, I am using an Apache reverse proxy to output it but it gives me an SSL error. Inside the backoffice it shows me the warning of the URL with the port and in the frontoffice it doesn’t let me enter, it cycles and shows an error. The docker container log does not show any errors

Do you know how I can force from http to http? I have already modified the .htaccess, confic.inc and the Link class, but I can’t make it work.

Add this code in the config.inc:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) AND $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
{ $_SERVER['HTTPS'] = 'on'; }
$_SERVER['HTTP_HOST']=str_replace(':443','',$_SERVER['HTTP_HOST']);

Change the $force_ssl variable inside the Link.php file to true:

public function getBaseLink($idShop = null, $ssl = null, $relativeProtocol = false)
    {
        static $force_ssl = true;  /*CHANGED*/

        if ($ssl === null) {
            if ($force_ssl === null) {
                $force_ssl = (Configuration::get('PS_SSL_ENABLED') && Configuration::get('PS_SSL_ENABLED_EVERYWHERE'));
            }
            $ssl = $force_ssl;
        }

        if (Configuration::get('PS_MULTISHOP_FEATURE_ACTIVE') && $idShop !== null) {
            $shop = new Shop($idShop);
        } else {
            $shop = Context::getContext()->shop;
        }

        if ($relativeProtocol) {
            $base = '//'.($ssl && $this->ssl_enable ? $shop->domain_ssl : $shop->domain);
        } else {
            $base = (($ssl && $this->ssl_enable) ? 'https://'.$shop->domain_ssl : 'https://'.$shop->domain); /*CHANGED second http to https */
        }

        return $base.$shop->getBaseURI();
    }

.htaccess

 DirectoryIndex index.php
    
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
        RewriteRule ^(.*) - [E=BASE:%1]
    
    
        # Sets the HTTP_AUTHORIZATION header removed by apache
        RewriteCond %{HTTP:Authorization} .
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
        # Keep legacy entry points
        RewriteRule ^(ajax|ajax_products_list|ajax-tab|backup|cron_currency_rates)\.php - [P]
        RewriteRule ^(displayImage|drawer|footer\.inc|functions|get-file-admin)\.php - [P]
        RewriteRule ^(grider|header\.inc|init|login|password|pdf|searchcron)\.php - [P]
    
        # If the URL is a legacy on index.php?controller=..., do not rewrite (let the legacy take it)
        RewriteCond  %{QUERY_STRING} (^|&)controller=|(^|&)tab=
        RewriteRule .* - [P]
    
        RewriteCond %{REQUEST_FILENAME} -f
        RewriteRule .? - [L]
    
        RewriteRule .? %{ENV:BASE}/index.php [L]
    </IfModule>
    
    <IfModule !mod_rewrite.c>
        <IfModule mod_alias.c>
            RedirectMatch 302 ^/$ /index.php/
        </IfModule>
    </IfModule>
    
    <IfModule mod_rewrite.c>
    <IfModule mod_env.c>
    SetEnv HTTP_MOD_REWRITE On
    </IfModule>
    
    RewriteEngine on
    
    RewriteRule . - [E=REWRITEBASE:/]
    RewriteRule ^api(?:/(.*))?$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]
    RewriteRule ^upload/.+$ %{ENV:REWRITEBASE}index.php [QSA,L]
    
    RewriteCond %{REQUEST_FILENAME} -s [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
    </IfModule>
    
    AddType application/vnd.ms-fontobject .eot
    AddType font/ttf .ttf
    AddType font/otf .otf
    AddType application/font-woff .woff
    AddType font/woff2 .woff2
    <IfModule mod_headers.c>
        <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
            Header set Access-Control-Allow-Origin "*"
        </FilesMatch>
    
        <FilesMatch "\.pdf$">
          Header set Content-Disposition "Attachment"
          Header set X-Content-Type-Options "nosniff"
        </FilesMatch>
    </IfModule>
    
    <Files composer.lock>
        # Apache 2.2
        <IfModule !mod_authz_core.c>
            Order deny,allow
            Deny from all
        </IfModule>
    
        # Apache 2.4
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
    </Files>
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/jpeg "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
        ExpiresByType text/css "access plus 1 week"
        ExpiresByType text/javascript "access plus 1 week"
        ExpiresByType application/javascript "access plus 1 week"
        ExpiresByType application/x-javascript "access plus 1 week"
        ExpiresByType image/x-icon "access plus 1 year"
        ExpiresByType image/svg+xml "access plus 1 year"
        ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
        ExpiresByType application/font-woff "access plus 1 year"
        ExpiresByType application/x-font-woff "access plus 1 year"
        ExpiresByType font/woff2 "access plus 1 year"
        ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
        ExpiresByType font/opentype "access plus 1 year"
        ExpiresByType font/ttf "access plus 1 year"
        ExpiresByType font/otf "access plus 1 year"
        ExpiresByType application/x-font-ttf "access plus 1 year"
        ExpiresByType application/x-font-otf "access plus 1 year"
    </IfModule>
    
    <IfModule mod_headers.c>
        Header unset Etag
    </IfModule>
    FileETag none
    <IfModule mod_deflate.c>
        <IfModule mod_filter.c>
            AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype image/svg+xml
        </IfModule>
    </IfModule>
    
    <IfModule mime_module>
      AddHandler application/x-httpd-alt-php72___lsphp .php .php7 .phtml
    </IfModule>
    ```
    
    ```
    **app.conf
    **
    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>
    
    SSLEngine on
    
    ProxyPass / http://URL:8096/
    ProxyPassReverse / http://URL:8096/
    
    <Location />
            Order allow,deny
            Allow from all
    </Location>
    
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{URL}/$1 [R=301,L]
2

What warning and what error exactly? Please always share the error messages. That helps a lot to help you.

You mean http to https, riight?

The proxy could do that too. If you want to do it from the PHP code, what you tried could work, but I don’t know how Prestashop gets information about the protocol. What I did to run my PHP container is that I set the HTTPS environment variable to “on”. PHP recognized it and set $_SERVER['HTTPS'] to “on” as well. I wouldn’t modify the value of super global variables since some PHP apps could use filter_input to get the server variables so it wouldn’t be affected by your change.

https://www.php.net/manual/en/function.filter-input.php

3

The error it shows is ek 302 and it is for the SSL certificate. I already managed to stop it from cycling, now the problem is that the port is shown in the URLs, is there any way to force the Root URL? In Laravel I have used URL::forceRootUrl

4

If you mean the HTTP 302 status code, that is not an error. Unless it is shown in an error message which. In this case, since you used the word “cylcing”, I could guess that the error message was about the recursive redirection but if you share the exact error message instead of let people guess what is obvious to you, everyone will understand your goal and issue more quickly. You already saw the error message and know exactly what your issue is, but this information could be a missing part for everyone else :slight_smile:

I’m afraid that requires knowing more about Prestashop. Sometimes a framework or CMs supports setting an URL in a config file which is used to build new urls instead of using the server variables. The object from which you shared a method has domain_ssl and domain properties. I would try to find out where they are set or ask on a Prestashop forum