[Bug] ComicControl defaults to incorrect scheme when behind reverse proxy

[JulianWebb]

ComicControl v4.2.9

Description of Problem

When using ComicControl behind a reverse proxy (in this case, Traefik), it defaults to using the HTTP scheme on it's URLs rather than follow the scheme set in the root option during the installation process.

Steps to Reproduce

These steps assume you have a server running Docker v20.10.17 or later with the Compose Plugin and a Traefik container running and monitoring on the outbound network.

1. Create the following docker-compose.yml in the project directory

version: "3.7"

services:
  nginx:
    image: lscr.io/linuxserver/nginx:latest
    container_name: comiccontrol_nginx
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - "./nginx:/config"
    networks:
      - comiccontrol
      - outbound
    restart: unless-stopped
    labels:
      - "traefik.http.routers.comiccontrol.rule=Host(`example.org`)"
      - "traefik.http.routers.comiccontrol.entrypoints=web,webSecure"
      - "traefik.http.routers.comiccontrol.service=comiccontrol"
      - "traefik.http.services.comiccontrol.loadbalancer.server.port=80"
    depends_on:
      - mariadb
  mariadb:
    image: lscr.io/linuxserver/mariadb:latest
    container_name: comiccontrol_mariadb
    environment:
      - PUID
      - PGID
      - TZ
      - MYSQL_ROOT_PASSWORD
      - MYSQL_DATABASE
      - MYSQL_USER
      - MYSQL_PASSWORD
    volumes:
      - "./mariadb:/config"
    networks:
      - comiccontrol
    restart: unless-stopped

networks:
  comiccontrol:
  outbound:
    external: true

(note: replace example.org with a valid domain under your control)

2. Populate .env in the same directory with the following variables:

Variable	Definition
PUID	The ID of the running user, generally want it to be the same as host server user (id -u)
PGID	The ID of the running group, generally want it to be the same as host server group (id -g)
TZ	The server's timezone (e.g. America/Vancouver)
MYSQL_ROOT_PASSWORD	The root password for your MariaDB instance
MYSQL_DATABASE	The database to create for ComicControl
MYSQL_USER	The user to create for ComicControl
MYSQL_PASSWORD	The password for the user for ComicControl

3. start the containers with docker compose up -d

4. unzip the latest comiccontrol zip into ${PWD}/nginx/www/

5. replace ${PWD}/nginx/nginx/site-conf/default.conf with the following

server {
    listen 80 default_server;

    root /config/www/;
    index index.php;

    server_name _;

    client_max_body_size 0;

    location / {
        try_files $uri /index.php?$uri&$args;
    }

    location /comiccontrol {
        try_files $uri /comiccontrol/index.php?$uri&$args;
    }    

    location ~ ^(.+\.php)(.*)$ {
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}

6. Stop the docker containers (docker compose down) and restart them

7. Go to example.org/comiccontrol/ to set up the install, make sure to configure the root to have the HTTPS scheme

8. Try using the site after install and find it's linking things as HTTP

Potential Solution

It seems the culprit is this function designed to disregard the scheme of the root value in favour of the one being use to request the document.

I would recommend dropping this function, either by trusting the root value's scheme or by utilizing the the relative reference resolution that dropping the scheme would provide (e.g. "//example.org")

[JulianWebb]

Changing the function to

	private function setProtocol($url){
		$baseurl = substr($url,strpos($url,'/'));
		return $baseurl;
	}

causes the site to work normally, though it does make some of the printed links look wrong.

[JulianWebb]

It looks like the RSS Builders run into a similar issue.