Kirby in Dokku broken with recent update

The CMS Questions
1

We have a Kirby installation running in Dokku with the default heroku-buildpack-php. In this setup, Kirby is running in an Apache2 instance at port 5000, which is proxied by the main Nginx server managed by Dokku. This setup has been running perfectly for more than a year.

Every month or so, I update the composer package so it stays up-to-date. Last week I did another update, including one from PHP 7.4 to PHP 8.0. That’s when things started breaking. For some reason, Kirby is serving all panel assets over HTTP, while the app (in Nginx) is running on HTTPS. I suspect this is because Kirby guesses the protocol from Apache, which is running internally.

For a few days now I have been trying to debug this issue, but I can’t make it work. I even deleted the app completely from Dokku and built a new one from scratch. I also tried reverting back to PHP 7.4, but somehow that doesn’t work either.

Then I configured 'url' => 'https://sub.domain.com', which fixed the issues to an extent. But then I ran into many other errors copying the original accounts and sessions folders, so I’m running a clean install. That’s where I am now, with a pushState error from the installation path:

index.js:1 DOMException: Failed to execute 'pushState' on 'History': A history state object with URL 'http://sub.domain.com/panel/installation' cannot be created in a document with origin 'https://sub.domain.com' and URL 'https://sub.domain.com/panel/installation'.

Even though I’m forcing Kirby to use HTTPS, it’s still using HTTP there. Isn’t there a way to tell Kirby to always use HTTPS, regardless of the environment’s protocol?

UPDATE: If I disable HTTPS, everything works perfectly, so that’s clearly where the issue is. I’ve now managed to do the installation over HTTP, but after installing the cert, it’s broken again.

2

So I found a solution, although it feels a bit hackish. I’m now manually forcing PHP on HTTPS, before initializing Kirby:

<?php

include '../vendor/autoload.php';

$_SERVER['HTTPS'] = getenv('APP_ENV') == 'production';

echo (new Kirby)->render();

If anyone has a better solution, I’m all ears. For now, this seems to work as expected.

2 Likes
3

It’s great that you found a solution. We are currently also working on an official way to fix this. Sorry for the issue!

2 Likes
4

@texnixe pointed me to this thread from Mixed content issues with panel - #5 by texnixe as I’ve reverted to 3.5.x and php 7.4 to solve this on my end, I was just curious if there was an issue to track to know when updating to later packages is possible? I wasn’t able to find something in the github issue tracker.

1 Like
5

@bastianallgeier I was just curious if there were any updates to this as PHP 7.4 is reaching EOL in a few months (end of 2022).

I had to deploy this project again after some time and ran into the same issues with the latest versions and ended up having to revert as above.

6

Hello! I am running into this issue and the solution above isn’t working unfortunately.
Have there been any updates to this bug? Thank you!!