Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69074

New installation fails behind load balancer

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.5.13, 3.7.7, 3.8.4, 3.9, 3.10
    • Fix Version/s: 3.5.14, 3.7.8, 3.8.5, 3.9.2
    • Component/s: Installation
    • Labels:
    • Testing Instructions:
      Hide

      Requirements

      1. ngrok

      Before patch (to reproduce the problem). It's enough to do it just with 1 branch.

      1. Create, using your favorite tool (mdk...) a new site (mysql).
      2. run ngrok http 80 and annotate the "Forwarding" url (the http one).
      3. Once it's installed, edit config.php and set:
        1. $CFG->prefix to "pre_" (instead of "mdl_").
        2. $CFG->wwwroot to the url annotated in the previous point.

          (it should look like this, but with the values commented above)
          $CFG->prefix    = 'abc_';
          $CFG->wwwroot   = 'http://60c21ab8f6df.ngrok.io/path/to/site';
          

        3. Save changes.
      4. Point your browser to the site URL.
      5. Verify that you see the "Copyright notice" page. Click continue.
      6. Verify that you see the "Server checks" page. Click continue.
      7. Verify that all the installation happens (it's a long process). At the end, click continue.
      8. Verify that you get the "Installation must be finished from the original IP address, sorry." error page (this is the problem being fixed here).

      After patch (to verify the problem is solved). To be done with all branches (35, 37, 38, 39 and master).

      1. Repeat steps 1-7 above, you only need to change the $CFG->prefix value to a different one for every branch (for example "m35_", "m36_"... and so on).
      2. Verify that you see the page where the admin details (username, pass...) are introduced, not the error one in step #8 above.
      Show
      Requirements ngrok Before patch (to reproduce the problem). It's enough to do it just with 1 branch. Create, using your favorite tool (mdk...) a new site (mysql). run ngrok http 80 and annotate the "Forwarding" url (the http one). Once it's installed, edit config.php and set: $CFG->prefix to "pre_" (instead of "mdl_" ). $CFG->wwwroot to the url annotated in the previous point. (it should look like this, but with the values commented above) $CFG->prefix = 'abc_'; $CFG->wwwroot = 'http://60c21ab8f6df.ngrok.io/path/to/site'; Save changes. Point your browser to the site URL. Verify that you see the "Copyright notice" page. Click continue. Verify that you see the "Server checks" page. Click continue. Verify that all the installation happens (it's a long process). At the end, click continue. Verify that you get the "Installation must be finished from the original IP address, sorry." error page (this is the problem being fixed here). After patch (to verify the problem is solved). To be done with all branches (35, 37, 38, 39 and master). Repeat steps 1-7 above, you only need to change the $CFG->prefix value to a different one for every branch (for example "m35_", "m36_"... and so on). Verify that you see the page where the admin details (username, pass...) are introduced, not the error one in step #8 above.
    • Affected Branches:
      MOODLE_310_STABLE, MOODLE_35_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-69074-master

      Description

      This is probably caused by MDL-67861 (which I can't see). The new default getremoteaddrconf setting is 3 (GETREMOTEADDR_SKIP_HTTP_X_FORWARDED_FOR|GETREMOTEADDR_SKIP_HTTP_CLIENT_IP), allowing REMOTE_ADDR only by default. However, the default behavior in getremoteaddr() when no config value is set (during an installation for example) is still 0 (HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR allowed, in that order). If you install a clean Moodle installation behind a load balancer, your actual IP gets logged when you start the installation, because HTTP_X_FORWARDED_FOR is allowed. When you go to complete the installation you encounter error/admin/installhijacked, because the default config is now in place and Moodle is detecting the load balancer IP.

        Attachments

        1. install_exception.png
          install_exception.png
          41 kB
        2. Screenshot_1.png
          Screenshot_1.png
          137 kB
        3. Screenshot_2.png
          Screenshot_2.png
          88 kB

          Issue Links

            Activity

              People

              Assignee:
              cfulton Charles Fulton
              Reporter:
              cfulton Charles Fulton
              Peer reviewer:
              Marina Glancy
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Janelle Barcega
              Participants:
              Component watchers:
              Matteo Scaramuccia, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              3 Vote for this issue
              Watchers:
              12 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                14/Sep/20

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 hours, 20 minutes
                  4h 20m