We have CM1 running behind an nginx proxy, with CM1 listening on port 9992 and nginx listening on 443, doing SSL, and proxying to CM1. We wanted to serve CM1 on the standard HTTPS port with SSL, and from looking around here and talking to our coach, it seemed proxying was the way to go. Proxying also integrates well with our overall web server system.
So far, proxying has been dead-easy to set up. Almost everything in CM1 plays nice with the proxy with very little work on our end. However, we have one issue, that we believe is linked to proxying. We mainly believe it’s linked to proxying because connecting to CM1 directly on 9992 doesn’t have this problem.
When a user inserts an image into a rich text widget using the “Insert/edit image” button in TinyMCE, the link appears in the TinyMCE editor window as a broken image. When the changes to the widget are saved, the image shows up fine in the CM1 preview–but if the widget is edited again, the image is broken again. So the image is broken in the TinyMCE editor.
The protocol and host for the image’s src attribute is always http://127.0.0.1:9992
, which explains why the image is broken. If you change the image src to an https:// protocol and CM1’s host on the default port, it works fine. So for some reason, CM1 is not putting the proper protocol and host in the TinyMCE image reference, although the rest of CM1 seems to work fine behind the proxy.
At first glance, it seems like this is an issue with our proxy config. 127.0.0.1:9992 is the address nginx is proxying to. Here’s the relevant portion of our nginx config:
listen 443 ssl;
location / {
proxy\_pass http://127.0.0.1:9992/;
}
# Other stuff
} ```
As you can see, we're not explicitly adding a host header to the proxy request, and perhaps that's confusing CM1. However, if we do add a host header, like so...
``` location / {
proxy\_set\_header Host cm1.example.com;
proxy\_pass http://127.0.0.1:9992/;
} ```
...CM1's login breaks. You can get to the login page fine, but once you submit, you end up at ``` /Rhythmyx/sys_welcome/rxlogin.html#nocache=v1 ``` with a "Select a Community" form with one option. If you submit that form, you get sent to ``` 127.0.0.1:9992 ``` again, which, of course, breaks.
Anyway, many words to describe a simple problem. I'm unsure if this is a problem with our proxy config, or a problem with CM1. On one hand, everything in CM1 seems to work fine behind the proxy except for this, so it seems to suggest an issue within CM1. On the other hand, there could easily be something wrong with our config, especially since I'm not passing any extra headers. What headers is CM1 looking for, and is there anything wrong with my config? How can we get this fixed?
Thanks for taking the time to read!