Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69074

New installation fails behind load balancer

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 3.5.13, 3.7.7, 3.8.4, 3.9, 3.10
    • 3.5.14, 3.7.8, 3.8.5, 3.9.2
    • Installation
    • MOODLE_310_STABLE, MOODLE_35_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • MOODLE_35_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • MDL-69074-master
    • Hide

      Requirements

      1. ngrok

      Before patch (to reproduce the problem). It's enough to do it just with 1 branch.

      1. Create, using your favorite tool (mdk...) a new site (mysql).
      2. run ngrok http 80 and annotate the "Forwarding" url (the http one).
      3. Once it's installed, edit config.php and set:
        1. $CFG->prefix to "pre_" (instead of "mdl_").
        2. $CFG->wwwroot to the url annotated in the previous point.

          (it should look like this, but with the values commented above)
          $CFG->prefix    = 'abc_';
          $CFG->wwwroot   = 'http://60c21ab8f6df.ngrok.io/path/to/site';
          

        3. Save changes.
      4. Point your browser to the site URL.
      5. Verify that you see the "Copyright notice" page. Click continue.
      6. Verify that you see the "Server checks" page. Click continue.
      7. Verify that all the installation happens (it's a long process). At the end, click continue.
      8. Verify that you get the "Installation must be finished from the original IP address, sorry." error page (this is the problem being fixed here).

      After patch (to verify the problem is solved). To be done with all branches (35, 37, 38, 39 and master).

      1. Repeat steps 1-7 above, you only need to change the $CFG->prefix value to a different one for every branch (for example "m35_", "m36_"... and so on).
      2. Verify that you see the page where the admin details (username, pass...) are introduced, not the error one in step #8 above.
      Show
      Requirements ngrok Before patch (to reproduce the problem). It's enough to do it just with 1 branch. Create, using your favorite tool (mdk...) a new site (mysql). run ngrok http 80 and annotate the "Forwarding" url (the http one). Once it's installed, edit config.php and set: $CFG->prefix to "pre_" (instead of "mdl_" ). $CFG->wwwroot to the url annotated in the previous point. (it should look like this, but with the values commented above) $CFG->prefix = 'abc_'; $CFG->wwwroot = 'http://60c21ab8f6df.ngrok.io/path/to/site'; Save changes. Point your browser to the site URL. Verify that you see the "Copyright notice" page. Click continue. Verify that you see the "Server checks" page. Click continue. Verify that all the installation happens (it's a long process). At the end, click continue. Verify that you get the "Installation must be finished from the original IP address, sorry." error page (this is the problem being fixed here). After patch (to verify the problem is solved). To be done with all branches (35, 37, 38, 39 and master). Repeat steps 1-7 above, you only need to change the $CFG->prefix value to a different one for every branch (for example "m35_", "m36_"... and so on). Verify that you see the page where the admin details (username, pass...) are introduced, not the error one in step #8 above.

    Description

      This is probably caused by MDL-67861 (which I can't see). The new default getremoteaddrconf setting is 3 (GETREMOTEADDR_SKIP_HTTP_X_FORWARDED_FOR|GETREMOTEADDR_SKIP_HTTP_CLIENT_IP), allowing REMOTE_ADDR only by default. However, the default behavior in getremoteaddr() when no config value is set (during an installation for example) is still 0 (HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR allowed, in that order). If you install a clean Moodle installation behind a load balancer, your actual IP gets logged when you start the installation, because HTTP_X_FORWARDED_FOR is allowed. When you go to complete the installation you encounter error/admin/installhijacked, because the default config is now in place and Moodle is detecting the load balancer IP.

      Attachments

        1. install_exception.png
          install_exception.png
          41 kB
        2. Screenshot_1.png
          Screenshot_1.png
          137 kB
        3. Screenshot_2.png
          Screenshot_2.png
          88 kB

        Issue Links

          Activity

            People

              cfulton Charles Fulton
              cfulton Charles Fulton
              Marina Glancy Marina Glancy
              Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
              Janelle Barcega Janelle Barcega
              Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo
              Votes:
              3 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                14/Sep/20

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 hours, 20 minutes
                  4h 20m