Port mapping Error WebProxy HTTPS

TheMatrix97 · March 4, 2021, 10:53am

Hi!
I’m trying to run Tutor behind a web proxy, which its only purpose is applying HTTPS using proprietary certificates. This is my scenario:

Apache Web proxy (listening 8443) → Tutor (running on port 8888) (LMS_HOST = myhostname:8443 and ENABLE_HTTPS = true).

Notice that I needed to set the port in LMS_HOST, otherwise, some web redirects (like the login from CMS) will redirect to port 80/443…
But as you might suspect, it doesn’t work… The allowed hosts verification fails Invalid HTTP_HOST header: 'myhostname:8443'. You may need to add 'myhostname' to ALLOWED_HOSTS. returning a 400 error…

Reading the documentation it seems that tutor expect to use ports 80/443 in production environments, is there any way to expose the tutor production deployment in a different port?

I’m sharing some relevant configuration:

Apache web proxy configuration

<VirtualHost *:8443>
  SSLEngine on
  SSLCertificateFile "./cert.pem"
  SSLCertificateKeyFile "./cert.key"
  ProxyPass "/" "http://localhost:8888/"
  ProxyPassReverse "/" "http://localhost:8888/"
  ProxyPreserveHost on
</VirtualHost>

Relevant tutor config.yml

CMS_HOST: studio.myhostname:8443
ENABLE_HTTPS: true
LMS_HOST: myhostname:8443
NGINX_HTTP_PORT: 127.0.0.1:8888
PLATFORM_NAME: myPlatform
RUN_CADDY: false

I’m getting the following error when trying to get https://myhostname:8443

cms_1  | 2021-03-04 09:24:25,592 ERROR 12 [django.security.DisallowedHost] [user None] exception.py:75 - Invalid HTTP_HOST header: 'myhostname:8443'. You may need to add 'myhostname' to ALLOWED_HOSTS.

or https://studio.myhostname:8443

cms_1 | 2021-03-04 10:17:35,826 ERROR 7 [django.security.DisallowedHost] [user None] exception.py:75 - Invalid HTTP_HOST header: 'studio.myhostname:8443'. You may need to add 'studio.myhostname' to ALLOWED_HOSTS.

Does anyone knows how to deploy tutor in a different port than 80 behind a webproxy, and make all redirections work properly? Thank you very much in advance!

PD: Probably would be better just exposing the nginx to the public? how could I set my own certificates without using caddy?

Summary

This text will be hidden

EDIT: I tried to add manually studio.myhostname and hostname to ALLOWED_HOSTS, but seems that the oauth2 strategy is not working properly, I log in but when redirection to the initial page happens it appears that I’m not logged in… I know that the ideal would be not hardcoding the port in CMS_HOST / LMS_HOST, but if I don’t do it some redirection just go to :80…

regis · March 8, 2021, 12:23pm

Hi @TheMatrix97! Unfortunately, running the LMS/CMS on ports other than 80/443 is unsupported at this point. I got enough headaches getting both these ports to work in Tutor and I’m not ready to take on the task to add yet another HTTP entry point

Can I suggest you create a Tutor plugin that will manually add 'myhostname' (without the “:8443” part) to ALLOWED_HOSTS? I honestly have no idea if it will work, but you can give it a try.

TheMatrix97 · March 8, 2021, 12:40pm

Hey @regis,
Thanks for your response! No worries, I already did a manual modification of the allowed hosts in order to make it work… I’ll program the plugin and post it here, for future references…
Thank you very much!