Gitlab-ce css and js not found with ssl - ssl

I have installed Gitlab-ce on Rapsberry Pi 4 (4gb) and I run it with Apache2.
When I run it with http, like with address http://git.home.lan/gitlab, it works just fine.
When I try to use https though, it loads the gitlab and even the projects, but it cannot find the css or the js in the /assets/ path.
Some files, like https://git.home.lan/gitlab/assets/highlight/themes/white-3144068cf4f603d290f553b653926358ddcd02493b9728f62417682657fc58c0.css fail with 404 not found.
When I try to manually enter the css path with the browser though, I get a blank page, but the browser console says
The character encoding of the plain text document was not declared.
The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range.
The character encoding of the file needs to be declared in the transfer protocol or file needs to use a byte order mark as an encoding signature.
When I enter the css path with http, it loads normally.
The configuration in apache2 sites-available conf is as follows:
ProxyPass /gitlab http://127.0.0.1:9099/gitlab
ProxyPassReverse /gitlab http://127.0.0.1:9099/gitlab
RequestHeader add X-Forwarded-Proto https
The gitlab.rb has the following content:
external_url 'https://git.home.lan/gitlab'
web_server['username'] = 'apache' #'gitlab-www'
web_server['group'] = 'apache' #'gitlab-www'
nginx['enable'] = false
unicorn['listen'] = '127.0.0.1'
unicorn['port'] = 9099
git_data_dirs({
"default" => {
"path" => "/mnt/[path_omitted]/git-data"
}
})
The working http setup is really the same with https replaced with http.
I have found some related issues, but nothing exactly identical, and thus the solutions have not worked either.
Ps. I have really no idea if this is a stackoverflow or raspberrypi.stackexchange or superuser case or even a gitlab issue, because I do not fully understand the cause. I chose stackoverflow based on the other questions posed here, but if you think this was the wrong forum, please be civil about it and I will move it.

Related

How to configure Apache 2.4 to use 'content negotiation' in order to serve webp images?

In my HTML file there are several <img src="images/<filename>.jpeg">
The directory "images" holds these files:
<filename>.jpeg
as well as
<filename>.webp
and
<filename>.jpeg.webp
The latter two are identical webp versions of the jpeg file.
Now I want to configure Apache 2.4 on Oracle Linux 8.6 for 'content negotiation'. I am expecting that Apache returns a .webp file instead of the requested .jpeg file, if the browser supports .webp. I don't want to use the HTML <picture> tag or 'srcset' for several reasons, but leave the code untouched.
I have found several promissing configuration examples for nginx, but unfortunatly only litte on Apache:
https://gist.github.com/sergejmueller/5500879
https://stackoverflow.com/a/58857260/4335480
These two links outline 'rewrites' that are to go to the .htaccess file in the /images directory. I tried them both as '.htaccess' in the 'image' directory and it didn't work. I also put them directly in the httpd.conf and it didn't work either. And I tried these lines in the root directory's .htaccess
'AllowOverride All' is included in all section. Even the 'images' directory is explicitly listed.
In Chrome Dev Tools I verified that the request headers include 'image/webp'.
Probably not necessary: In my despair I have disabled nosniff on the Apache server and verified in the response header that it isn't set.
Whatever I try, the server only returns the jpeg file. I can verify this not only by the file name but also by the content-length field in the response header.
So what can I do to have Apache serve avif, webp and (fall back) jpeg in that order, whenever a jpeg file is requested?
Found the error myself. Note to self: don't just copy code snippets to use them. Read and understand them to find errors or identify necessary adaptions.
Vincent Orback's code is often cited for this problem, so I blindly trusted and used it: https://github.com/vincentorback/WebP-images-with-htaccess
It contains the following line:
RewriteCond %{DOCUMENT_ROOT}/$1.webp -f
The outcome is that .webp images are only searched for in the web server root directory. On my site, images are in a subdirectory called 'images'.
Trying to load an image in the browser would fail (deliver the jpeg, not the webp version):
https://<my domain>/images/<image name>.jpeg
But after altering above line to
RewriteCond %{DOCUMENT_ROOT}/images/$1.webp -f
eventually everything worked!
All the other things were unnecessary. You only need one AllowOverride All before the virtual host containers for <Directory / > and all servers and subdirectories would have .htaccess enabled, if present. For this problem, only one .htaccess in the image subdir was necessary, none in the root and no special httpd.conf entries. I turned nosniff on again. The alternativ .webp files just need the extention .webp, not .jpeg.webp

Apache Server not serving SVGs

What settings do I need to set in order to make Apache serve SVGs?
What I found:
These questions document the use of .htaccess to serve the SVGs with the correct MIME type "image/svg+xml" SVG images not displaying on certain web servers / https://mid.as/kb/00134/configuring-server-to-handle-svg-images / https://davidwalsh.name/serve-svg-image
This question handles the Requested URL not found
None of these helped resolve this issue.
Files:
.htaccess:
AllowOverride All
RewriteEngine on
AddType image/svg+xml svg
Folder structure:
Result:
Other:
Different files like .png work. I also tested it with Node (npx http-server) which worked.
AFAICR any recent version of Apache should have the SVG MIME type already configured. You shouldn't have to do it yourself unless you are running a very old version.
Anyway, a misconfigured MIME type wouldn't casue a 404. I think something else must be going on.
If you haven't already, try looking at the Network tab in your browser dev tools, and the Apache access log to check whether you are actually fetching the URL you think you are. And check that the file permissions are set correctly. Does the file have the correct owner, group, and permissions to be accessed by apache?

Need to configure .htaccess, so multiple folders will act as if they are their own separate root folders - for the code running on them

For example:
mydomain.com/site1
mydomain.com/site2
I need to install an application on /site1 that will think that it is on the root folder. (In this case PHP, js, CodeIgniter, but could be anything)
So for example, links/references for files such as "/file.jpg" (in code that is in the site1 folder, such as at mydomain.com/site1/code.js) will really load from mydomain.com/site1/file.jpg
And also the code would not be able to see any folder below site1, so that is basically the root folder. And similar thing would be at site2, so the 2 are separate root folders.
I thought this would be some kind of simple .htaccess file installed at mydomain.com/site1 with a redirect, or some kind of a reverse proxy, but so far everything I tried did not work.
I can't seem to find even any such example even on stack overflow..
Any ideas?
The easiest way to do this would be to create an additional VirtualHost, for internal use, called internal1, whose RootDirectory is, you guessed it, /var/www/mydomain.com/htdocs/site1 where the main site is in /var/www/mydomain.com/htdocs.
Then in mydomain.com you reverse proxy /site1 to internal1 (you'll have to put it into /etc/hosts and alias for localhost). The second request will have its DOCUMENT_ROOT point to site1, as requested (and its ServerName changed to internal1):
ProxyPass /site1/ http://internal1/
ProxyPassReverse /site1/ http://internal1/
(Not sure about the trailing slashes)
Now, accessing yourdomain.com/site1/joe.html will trigger a second internal connection to internal1/joe.html, which will contain, say, 'src="/joe.jpg"'; and here's where ProxyPassReverse will come into play, rewriting this in 'src="yourdomain.com/site1/joe.jpg"' so that everything will work.
errata corrige
The above is not correct, thanks #MrWhite for pointing this out. ProxyPassReverse is not enough as it only rewrites headers. From the Apache documentation (emphasis mine):
Only the HTTP response headers specifically mentioned above will be
rewritten. Apache httpd will not rewrite other response headers, nor
will it by default rewrite URL references inside HTML pages. This
means that if the proxied content contains absolute URL references,
they will bypass the proxy. To rewrite HTML content to match the
proxy, you must load and enable mod_proxy_html.
(The method is dirty as all Hell: every HTTP call incurs one extra connection and two rewrites, one going in, a larger one going out).
Of course, if the link is built using e.g. Javascript, it might well be that the proxy code will not recognize it as a link, will leave it unchanged, maybe with the "internal1" name inside somewhere, and the app will break.
However, #arkascha has the right of it - you should cure the cause, not the symptom. You can maybe rewrite the environment of the apps so that they run without troubles even if they are in a subdirectory. Or you could try injecting <base href="https://example.com/site1"> in the output HTML.

Unable to add header on Apache webserver hosted by azure

I am trying to enable Anti clickjacking on a website hosted by Azure.
Its a shared hosting package run on Apache server. Problem is that i cant find the correct conf file to modify and add this line of code to:
header always set x-frame-options "SAMEORIGIN"
we found a file called apache2.conf and added this but after restarting apache server the line is removed from the conf.
Anyone any ideas what i can do ?
The header code you are trying to add should be applied to a .htaccess file, placed in the folder where you want the action to happen. In your case it's likely the root of your site.
Be warned, though, that I've just ran in to an issue whereby mod_headers.c are not enabled in my container. So even if you put the code above in to a .htaccess file, it still may not work.
I'm interested in knowing where you found the apache2.conf file though. I can't see that on mine (but that may be due to me replying a custom docker container).

Apache configuration: automatic renaming of "file:///C:/xampp/htdocs/" to "localhost" in url when opening a local html file

I'm new to web development so bear with me. I might be missing something despite all my searches.
When I open an html file (of course from a directory served by Apache), it opens in a browser but the url is:
file:///C:/xampp/htdocs/path/to/file.html
This way it does not get served by Apache, so for that to work I have to rename the host-part of the path to the host's name. So if the host-path is
C:/xampp/htdocs/
then I have to rename that part of the url to the hostname, in this case "file:///C:/xampp/htdocs/path/to/file.html" must be renamed to "localhost/path/to/file.html" if Apache is to serve the page.
I've tried adding a virtual host that includes the "file:///" in its path but that crashes Apache (and xampp).
Question: Is there a way to avoid this manual renaming of urls when opening local html files to be served by Apache?
I know it's been a while since this thread had any activity, but I've created a Chrome extension exactly for this scenario.
The name is Localhost Automate, and it redirects the developer to http://localhost according to a predefined folder.
https://chrome.google.com/webstore/detail/localhost-automate/pplnfonehjimoddpmnhldhkgojhkjcfh
And there's also the github repo; https://github.com/Ardethian/localhost_automate
Made a little "url2hostname" extension to chrome that saves me the 1.42 seconds of url clicking and renaming every time i open a local html file in chrome. I'll write it down for consistency and repetition.
I have a virtual host set up for a dropbox directory. So in httpd-vhosts.conf:
<VirtualHost *>
DocumentRoot "C:\Users\hns\Dropbox\Webb"
ServerName localhost
<Directory "C:\Users\hns\Dropbox\Webb>
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory> </VirtualHost>
So in "C:\Users\hns\Dropbox\Webb" is where I keep lots of webpages that I just want to test locally (and they must be served by apache to work properly). When I open them in chrome the url gets messed up like "file:///C:/Users/hns/Dropbox/Webb/f/index.html" for example. So in this case I have to select the "file:///C:/Users/hns/Dropbox/Webb"-part of the url and rename that to the servername so it becomes: "http://locahost/f/index.html".
So when I've opened a local html file and click the chrome extension it just replaces the path and protocol in the url and goes to the resulting url (which is then loaded correctly):
chrome.browserAction.onClicked.addListener(function() {
chrome.tabs.query({'active': true, 'currentWindow': true}, function (tabs) {
var currentURL = tabs[0].url;
newURL = currentURL.replace("file:///C:/Users/hns/Dropbox/Webb", "http://localhost");
chrome.tabs.update(tabs[0].id, {url: newURL});
})
});
Hey, at least I learned something :)
EDIT:
The real problem was not Apache but Chrome and cross origin:
Due to the "same origin policy", sometimes sites content cannot be properly displayed locally. So in my case the problem could have been solved by just turning that policy off by starting chrome from a shortcut with flags like –allow-file-access-from-files or
–disable-web-security.
I found a better way, no extensions needed, and works for every browser.
Edit httpd-vhosts.conf file (In my system E:\xampp\apache\conf\extra and edit httpd-vhosts.conf)
Add the below lines and save the file, don't delete anything
"VirtualHost *:80
ServerName localhost
ServerAlias localhost
DocumentRoot e:/xampp/htdocs //or whatever link you want//
/VirtualHost"
Restart Xampp