Support Center

Recent questions

About Koken

This Help Center provides support for Koken, a free content management system designed for photographers, artists and designers.

Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

API Error with SSL reverse proxy and koken 0.22.20


May 06, 2017 07:39AM EDT

I have a koken setup with two servers:

Koken [ip:]: HTTP installation with nginx and php-fpm on port 80
Frontend [ip:]: SSL proxy that forwards connection to koken and which does SSL termination and which is available on the internet.

With this setup I'm getting Koken API Error: " The theme is not able to make contact with your Koken installation. Contact your host to see if they are blocking loopback connections. "

When looking at the logs I see that koken is able to connect to the server: - - [06/May/2017:11:12:10 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03;(\xD1\xC02Al\x1C\xF9\x1C\xAA\xFE\xDE\x95\xAE\x09\xBA<\x90\xDD[\xE3C1[.\x07\xD6`\xEB\xB3\xB7\x00\x00\x9E\xC00\xC0,\xC0(\xC0$\xC0\x14\xC0" 400 182 "-" "-" - - [06/May/2017:11:12:10 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03N\x944x\x07\xC61\x97r\xC8l.\x8D@)7\x82aE\x05\x07\x99KK\xC5\x88Ib\x03\x1BD\xFD\x00\x00\x9E\xC00\xC0,\xC0(\xC0$\xC0\x14\xC0" 400 182 "-" "-" - - [06/May/2017:11:12:10 +0000] "GET / HTTP/1.0" 200 511 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0) Gecko/20100101 Firefox/53.0"

We see that the frontend is making a connection to Koken. This triggers a couple of API calls in the backend with a weird URL strings.

Judging from the protocol it looks like as if the CURL backend service tries to access port HTTPS over the HTTP connection. I was able to resolve this issue by forcing 'http' in the CURLOPT_URL line in Koken.php:

# diff app/site/Koken.php modified.php
< curl_setopt($curl, CURLOPT_URL, 'http' . '://' . $host . self::$location['real_root_folder'] . '/api.php?' . $url);
> curl_setopt($curl, CURLOPT_URL, self::$protocol . '://' . $host . self::$location['real_root_folder'] . '/api.php?' . $url);

This way I force koken to access the website over the loopback.
Is there a better way to correct this? It seems that `self::$protocol` should be detected from the php connection.

This question has received the maximum number of answers.
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found