[GH-ISSUE #88] Forced HTTPS redirection #43

Closed
opened 2026-03-04 00:23:23 +03:00 by kerem · 2 comments

Originally created by @kevin-ta on GitHub (Aug 2, 2021).
Original GitHub issue: https://github.com/SignTools/SignTools/issues/88

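I tried basic troubleshooting first

  • [X] Updated both ios-signer-service and the builder (ios-signer-ci or ios-signer-builder) to the latest version
  • [X] Read through the FAQ page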

Describe the bug

I'm using the docker version of ios-signer-service with port `8080->42270`.
Accessing the website via my Nginx reverse proxy gives `ERR_TOO_MUCH_REDIRECT` with Chrome with a lot of HTTP 302.
When testing with `curl http://127.0.0.1:42270 -L -vvv`, here is the encountered error:

```
curl http://127.0.0.1:42270 -L -vvv
* Expire in 0 ms for 6 (transfer 0x5649d127aee0)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5649d127aee0)
* Connected to 127.0.0.1 (127.0.0.1) port 42270 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:42270
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Location: https://127.0.0.1:42270/
< Date: Mon, 02 Aug 2021 03:41:56 GMT
< Content-Length: 0
< 
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'https://127.0.0.1:42270/'
* Hostname 127.0.0.1 was found in DNS cache
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5649d127aee0)
* Connected to 127.0.0.1 (127.0.0.1) port 42270 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 1
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
```

Adding `redirect_https: false` to `signer-cfg.yml` does not work as this line is removed from the file on `docker run`.

To reproduce
Proceed to a fresh installation with the image, use the default signer-cfg.yml.

Expected behavior
Connecting to `http://127.0.0.1:8080` should not automatically redirect to `https://127.0.0.1:8080`. The HTTPS redirection seems forced despite having the possibility to disable it.

System configuration

  • ios-signer-service version: 2.4.4
  • Installation type: computer, nginx
  • Builder type: ios-signer-ci
  • Builder version: be43996
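
The direct-to-backend check from the report above, as an added example (not part of the original issue and not the project's code): it sends one request without following redirects and labels the first hop, so a redirect issued by the service itself can be told apart from one issued by nginx. The function names and labels are made up for this example; the default target is the address used in the curl test.

```python
import http.client
import sys
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
DEFAULT_PORT = {"http": 80, "https": 443}


def first_hop(url, timeout=5.0):
    """Send one GET and return (status, Location) without following redirects."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def classify(request_url, status, location):
    """Label the first hop of a request sent straight to the backend port."""
    if status not in REDIRECTS or not location:
        return "no-redirect"
    req, loc = urlsplit(request_url), urlsplit(location)
    if not loc.scheme:  # relative Location: scheme, host and port are unchanged
        return "other-redirect"
    upgrade = req.scheme == "http" and loc.scheme == "https"
    same_host = req.hostname == loc.hostname
    req_port = req.port or DEFAULT_PORT[req.scheme]
    loc_port = loc.port or DEFAULT_PORT.get(loc.scheme)
    if upgrade and same_host and req_port == loc_port:
        # The listener answered plain HTTP yet points clients at https:// on
        # the very same port: the follow-up TLS handshake cannot succeed, and
        # a proxy that forwards plain HTTP to this port will loop.
        return "https-upgrade-on-plaintext-port"
    if upgrade and same_host:
        return "https-upgrade"
    return "other-redirect"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:42270/"
    status, location = first_hop(target)
    print(target, status, location, classify(target, status, location))
```

Run it against the container's published port rather than the proxy's address: a redirect seen there comes from the service, since nginx is not in the path.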
kerem closed this issue and added the bug label on 2026-03-04 00:23:23 +03:00

@ViRb3 commented on GitHub (Aug 2, 2021):

Hello, thanks for the detailed report. `redirect_https: false` is a default option - it should be automatically added to your config file on every run, even if you delete it, unless you just changed it to `true`. If a line is automatically deleted from the config file, that means the program did not recognize it - it's either in the wrong place/indentation, or it has a wrong name. I just tested both a Docker instance and a standalone instance with v2.4.4. Both had `redirect_https: false` by default, and the line worked as expected - no redirection was performed at all. It's a very strange issue you're having - are you sure you are running v2.4.4 and your nginx conf doesn't do any redirects instead? Try running the program without a config file - it should generate you a default template file, just add your stuff to that template and see how it goes.


@kevin-ta commented on GitHub (Aug 3, 2021):

Ok so it appeared that docker didn't pull the latest image. The one I got was 2 months ago and it is now working. The weird thing is, even if the image I got was 2 months older, it suddenly stopped working recently. I think we can just close the issue. Thank you.
