Kirby ignores HTTPS Header behind NGINX Proxy server

Hi there,

I have my Kirby running in an Apache Docker Container behind a NGINX Proxy (I use the Dokku setup). Sadly Kirby can’t see that the server is being accessed over HTTPS. I have a dump of the Kirby Environment.

array(10) {
  ["baseUrl"]=>
  string(33) "http://www.example.de"
  ["host"]=>
  string(26) "www.example.de"
  ["https"]=>
  bool(false)
  ["info"]=>
  array(82) {
    ["DOKKU_PROXY_PORT"]=>
    string(2) "80"
    ["DOKKU_APP_TYPE"]=>
    string(9) "herokuish"
    ["COMPOSER_NO_INTERACTION"]=>
    string(1) "1"
    ["HOSTNAME"]=>
    string(12) "97f711d680b4"
    ["DOKKU_PROXY_SSL_PORT"]=>
    string(3) "443"
    ["HEROKU_APP_DIR"]=>
    string(4) "/app"
    ["MEMORY_AVAILABLE"]=>
    string(3) "512"
    ["CACHE_PATH"]=>
    string(6) "/cache"
    ["HEROKUISH_VERSION"]=>
    string(6) "0.5.36"
    ["HEROKU_PHP_HTTPD_CONFIG_INCLUDE"]=>
    string(73) "/app/vendor/heroku/heroku-buildpack-php/conf/apache2/default_include.conf"
    ["DOCUMENT_ROOT"]=>
    string(11) "/app/public"
    ["DOKKU_APP_RESTORE"]=>
    string(1) "1"
    ["PWD"]=>
    string(4) "/app"
    ["PORT"]=>
    string(4) "5000"
    ["NODE_ENV"]=>
    string(10) "production"
    ["NODE_HOME"]=>
    string(17) "/app/.heroku/node"
    ["COMPOSER_VENDOR_DIR"]=>
    string(6) "vendor"
    ["HOME"]=>
    string(4) "/app"
    ["HEROKU_PHP_GRACEFUL_SIGTERM"]=>
    string(1) "1"
    ["COMPOSER_PROCESS_TIMEOUT"]=>
    string(1) "0"
    ["USER"]=>
    string(13) "herokuishuser"
    ["COMPOSER_MIRROR_PATH_REPOS"]=>
    string(1) "1"
    ["BUILDPACK_SSH_KEY"]=>
    string(410) "***"
    ["SHLVL"]=>
    string(1) "0"
    ["CURL_CONNECT_TIMEOUT"]=>
    string(2) "90"
    ["CURL_TIMEOUT"]=>
    string(3) "600"
    ["SELF_EXECUTABLE"]=>
    string(18) "/usr/bin/herokuish"
    ["COMPOSER_BIN_DIR"]=>
    string(10) "vendor/bin"
    ["WEB_MEMORY"]=>
    string(3) "512"
    ["WEB_CONCURRENCY"]=>
    string(1) "1"
    ["DOKKU_PROXY_PORT_MAP"]=>
    string(27) "http:80:5000 https:443:5000"
    ["STACK"]=>
    string(9) "heroku-20"
    ["DOKKU_LETSENCRYPT_EMAIL"]=>
    string(22) "admin@jungesmusical.de"
    ["PATH"]=>
    string(298) "/app/.heroku/node/bin:/app/.heroku/yarn/bin:/app/.heroku/bin:/app/.heroku/php/sbin:/app/.heroku/php/bin:/app/.heroku/php/bin:/app/.heroku/php/sbin:/app/.heroku/php/bin:/app/.heroku/php/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/app/vendor/bin:/app/bin:/app/node_modules/.bin"
    ["SELF"]=>
    string(6) "/start"
    ["GIT_REV"]=>
    string(40) "***"
    ["DYNO"]=>
    string(5) "web.1"
    ["DEBIAN_FRONTEND"]=>
    string(14) "noninteractive"
    ["BUILDPACK_GIT_LFS_REPO"]=>
    string(55) "git@github.com:jungesmusical/jungesmusical.de-dokku.git"
    ["OLDPWD"]=>
    string(1) "/"
    ["_"]=>
    string(29) "/app/.heroku/php/sbin/php-fpm"
    ["SCRIPT_NAME"]=>
    string(10) "/index.php"
    ["REQUEST_URI"]=>
    string(1) "/"
    ["QUERY_STRING"]=>
    string(0) ""
    ["REQUEST_METHOD"]=>
    string(3) "GET"
    ["SERVER_PROTOCOL"]=>
    string(8) "HTTP/1.1"
    ["GATEWAY_INTERFACE"]=>
    string(7) "CGI/1.1"
    ["REMOTE_PORT"]=>
    string(5) "59202"
    ["SCRIPT_FILENAME"]=>
    string(21) "/app/public/index.php"
    ["SERVER_ADMIN"]=>
    string(15) "you@example.com"
    ["CONTEXT_DOCUMENT_ROOT"]=>
    string(11) "/app/public"
    ["CONTEXT_PREFIX"]=>
    string(0) ""
    ["REQUEST_SCHEME"]=>
    string(4) "http"
    ["REMOTE_ADDR"]=>
    string(10) "172.17.0.1"
    ["SERVER_PORT"]=>
    int(80)
    ["SERVER_ADDR"]=>
    string(10) "172.17.0.5"
    ["SERVER_NAME"]=>
    string(26) "www.example.de"
    ["SERVER_SOFTWARE"]=>
    string(6) "Apache"
    ["SERVER_SIGNATURE"]=>
    string(0) ""
    ["HTTP_COOKIE"]=>
    string(153) "kirby_session=***"
  }
}

In contrast to that I have dumped the Headers that are accessible to PHP:

array(20) {
  ["Cookie"]=>
  string(153) "kirby_session=***"
  ["Accept-Language"]=>
  string(53) "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7,lb;q=0.6,la;q=0.5"
  ["Accept-Encoding"]=>
  string(17) "gzip, deflate, br"
  ["Sec-Fetch-Dest"]=>
  string(8) "document"
  ["Sec-Fetch-User"]=>
  string(2) "?1"
  ["Sec-Fetch-Mode"]=>
  string(8) "navigate"
  ["Sec-Fetch-Site"]=>
  string(4) "none"
  ["Accept"]=>
  string(135) "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
  ["User-Agent"]=>
  string(117) "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
  ["Upgrade-Insecure-Requests"]=>
  string(1) "1"
  ["Sec-Ch-Ua-Platform"]=>
  string(7) ""macOS""
  ["Sec-Ch-Ua-Mobile"]=>
  string(2) "?0"
  ["Sec-Ch-Ua"]=>
  string(66) ""Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104""
  ["Cache-Control"]=>
  string(9) "max-age=0"
  ["X-Request-Start"]=>
  string(14) "1661552534.563"
  ["X-Forwarded-Proto"]=>
  string(5) "https"
  ["X-Forwarded-Port"]=>
  int(443)
  ["X-Forwarded-For"]=>
  string(11) "89.1.216.14"
  ["Host"]=>
  string(26) "www.example.de"
  ["Authorization"]=>
  string(18) "Basic ***"
}

Is there a way for Kirby to know the X-Forwarded-Proto header? I also tried to set the ‘X-Forwarded-Ssl’ header which sadly didn’t work as well.

Have you tried to set the Url in your config? url | Kirby CMS

Thank you very much. That did the trick :heart_eyes:

It’s weird that the X-Forwarded-* headers don’t show up in the environment dump. What was the code you used for the second dump that contains all headers?

Hey,

I used the Kirby header function:

kirby()->request()->headers()

That’s weird…
$request->headers() also uses the $kirby->environment() data internally, which in turn comes from PHP’s $_SERVER variable by default.