<div dir="ltr"><div>Hello Thorsten,</div><div><br></div><div>We managed to solve the problem by changing the field 'urlbase' with the complete url using https and leaving 'sslbase' blank.</div><div><br></div><div>Thank you very much for your help.</div><div><br></div><div>Sincerely,</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El vie, 7 may 2021 a las 4:18, Thorsten Schöning (<<a href="mailto:tschoening@am-soft.de">tschoening@am-soft.de</a>>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Guten Tag Facundo Ezequiel Bisso,<br>
am Freitag, 7. Mai 2021 um 00:50 schrieben Sie:<br>
<br>
> "The new value for sslbase is invalid: Failed to connect to <a href="http://mydomain.com:443" rel="noreferrer" target="_blank">mydomain.com:443</a><br>
> (Connection timed out); unable to enable SSL." (see screenshot 1)<br>
<br>
I'm somewhat sure that this check is server side only within your<br>
Apache HTTPd and you only see the output of the result in your<br>
browser. So if I understand your setup correctly, it's already BEHIND<br>
your SSL termination and in theory the check is simply correct of :443<br>
is not available at that place. So check your internal setup starting<br>
from HTTPd's point of view if :443 is reachable or not.<br>
<br>
I doubt that this check can be skipped using the web interface, so you<br>
might try to change the config directly in the file<br>
"data/params.json". Just search for "sslbase" in there and see what<br>
happens.<br>
<br>
> although we are actually already using that address with the certificates<br>
> provided by our haproxy (With ssl termination. The conection between<br>
> haproxy and apache is made over port 80).<br>
> Firefox reports that the connection is secure. (See screenshot 2)<br>
<br>
Because you are coming from "outside" and are connecting to HAPROXY,<br>
that's pretty likely a different starting point than what Bugzilla<br>
does when it checks SSL on its own.<br>
<br>
> We are also encountering a weird problem where we need to log in three<br>
> times before it goes through, and the second time a warning pops up that<br>
> says: "The information you have entered on this page will be sent over an<br>
> insecure connection and could be read by a third party." though, again, we<br>
> are using https and valid certificates. (See Screenshot 3)<br>
<br>
Check your browser when accessing Bugzilla very careful and have<br>
especially a look at the development tools about redirects. If you<br>
start :443, input username and password I guess you are afterwards<br>
redirected by Bugzilla because of missing SSLBASE to :80. This makes<br>
your browser warn about unsecured auth credentials in the end.<br>
<br>
Even if you don't see those redirects, when your browser warns you,<br>
check the domain and port of the page! It's very likely :80 instead of<br>
:443 and the warning of the browser is correct in this case.<br>
<br>
Without SSLBSASE, Bugzilla will render all output using URLBASE, so if<br>
that is :80 in your case, the browser will make unsecured requests in<br>
the end and warn you about that. When you don't want ANY :80 requests,<br>
you might try changing URLBASE to HTTPS instead.<br>
<br>
> In some PHP-based applications, we use the "X-Forwarded-Proto" header to<br>
> set the HTTPS environment variable in Apache, so that the application works<br>
> as if it were being accessed through port 443.<br>
> Will some kind of similar configuration be necessary?<br>
<br>
Don't think so, instead you should make sure that Bugzilla can resolve<br>
DOMAIN:443 properly server side first.<br>
<br>
Mit freundlichen Grüßen<br>
<br>
Thorsten Schöning<br>
<br>
-- <br>
AM-SoFT IT-Service - Bitstore Hameln GmbH i.G.<br>
Mitglied der Bitstore Gruppe - Ihr Full-Service-Dienstleister für IT und TK<br>
<br>
E-Mail: Thorsten.Schoening@AM-SoFT.de<br>
Web: <a href="http://www.AM-SoFT.de/" rel="noreferrer" target="_blank">http://www.AM-SoFT.de/</a><br>
<br>
Tel: 05151- 9468- 0<br>
Tel: 05151- 9468-55<br>
Fax: 05151- 9468-88<br>
Mobil: 0178-8 9468-04<br>
<br>
AM-SoFT IT-Service - Bitstore Hameln GmbH i.G., Brandenburger Str. 7c, 31789 Hameln<br>
AG Hannover HRB neu - Geschäftsführer: Janine Galonska<br>
<br>
<br>
Für Rückfragen stehe ich Ihnen sehr gerne zur Verfügung.<br>
<br>
Mit freundlichen Grüßen<br>
<br>
Thorsten Schöning<br>
<br>
<br>
Tel: 05151 9468 0<br>
Fax: 05151 9468 88<br>
Mobil: <br>
Webseite: <a href="https://www.am-soft.de" rel="noreferrer" target="_blank">https://www.am-soft.de</a> <br>
<br>
AM-Soft IT-Service - Bitstore Hameln GmbH i.G. ist ein Mitglied der Bitstore Gruppe - Ihr Full-Service-Dienstleister für IT und TK<br>
<br>
AM-Soft IT-Service - Bitstore Hameln GmbH i.G.<br>
Brandenburger Str. 7c<br>
31789 Hameln<br>
Tel: 05151 9468 0<br>
<br>
Bitstore IT-Consulting GmbH<br>
Zentrale - Berlin Lichtenberg<br>
Frankfurter Allee 285<br>
10317 Berlin<br>
Tel: 030 453 087 80<br>
<br>
CBS IT-Service - Bitstore Kaulsdorf UG<br>
Tel: 030 453 087 880 1<br>
<br>
Büro Dallgow-Döberitz<br>
Tel: 03322 507 020<br>
<br>
Büro Kloster Lehnin<br>
Tel: 033207 566 530<br>
<br>
PCE IT-Service - Bitstore Darmstadt UG<br>
Darmstadt<br>
Tel: 06151 392 973 0<br>
<br>
Büro Neuruppin<br>
Tel: 033932 606 090<br>
<br>
ACI EDV Systemhaus - Bitstore Dresden GmbH<br>
Dresden<br>
Tel: 0351 254 410<br>
<br>
Das Systemhaus - Bitstore Magdeburg GmbH<br>
Magdeburg<br>
Tel: 0391 636 651 0<br>
<br>
Allerdata.IT - Bitstore Wittenberg GmbH<br>
Wittenberg<br>
Tel: 03491 876 735 7<br>
<br>
Büro Liebenwalde<br>
Tel: 033054 810 00<br>
<br>
HSA - das Büro - Bitstore Altenburg UG<br>
Altenburg<br>
Tel: 0344 784 390 97<br>
<br>
Bitstore IT – Consulting GmbH<br>
NL Piesteritz <br>
Piesteritz<br>
Tel: 03491 644 868 6<br>
<br>
Solltec IT-Services - Bitstore Braunschweig UG<br>
Braunschweig<br>
Tel: 0531 206 068 0<br>
<br>
MF Computer Service - Bitstore Gütersloh GmbH<br>
Gütersloh<br>
Tel: 05245 920 809 3<br>
<br>
Firmensitz: AM-Soft IT-Service - Bitstore Hameln GmbH i.G. , Brandenburger Str. 7c , 31789 Hameln<br>
Geschäftsführer Janine Galonska<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
support-list mailing list<br>
<a href="mailto:support-list@bugzilla.org" target="_blank">support-list@bugzilla.org</a><br>
<a href="https://lists.bugzilla.org/listinfo/support-list" rel="noreferrer" target="_blank">https://lists.bugzilla.org/listinfo/support-list</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Facundo Ezequiel Bisso</div><div>Coordinador</div><div>Administración de Sistemas e Infraestructura<br></div>Subsecretaría de Tecnología de la Información y Comunicaciones<br>Facultad Regional Buenos Aires - Universidad Tecnológica Nacional<br>Medrano 951 3er Piso (C1179AAQ) Cap. Fed.<br>Oficina 315 - 4867-7607</div></div>