User Sign-up Connection Reset Error When Behind Reverse Proxy

I've just done a pristine install of CB on Joomla 4.1. It's sitting behind a reverse proxy (HAProxy) for security and networking purposes. For some reason, I'm getting a Connection Reset error when trying to do a new user sign-up from outside of the proxy. It happens when submitting the first registration form. The user does not get created in the process.

I am able to bypass the proxy from the inside and the registration process then works as expected.

Also, everything else on the site appears to be working as expected from outside of the reverse proxy. It is only the new user sign-up that has this problem. I can't seem to figure out what is going on that is wrong. I have verified all Joomla settings are correct per their documentation (really only SEFs and enabling the "Behind a Reverse Proxy" setting. Similarly, HAProxy has cookie based sticky sessions set up and these appear to also be working as they should. Remember, everything else on the site seems to be working fine.

Not sure where to look next. I can supply full configurations as needed.

Enable debug mode and maximum error reporting in Joomla global configuration. Once done retry and see if any errors output to your servers error log around the time of the registration. It's possible it's the spoof checking causing this which you can try turning off in CB > Configuration > Integrations.

Additional Info. Here's the last entry in the reverse proxy log file (logging at the [info] level). Note there is no error. Only the post command is shown:

Feb 16 09:59:53 localhost haproxy[8950]: 192.168.1.123:63759 [16/Feb/2022:09:58:32.027] joomla_front joomla_back/spikejoomlaweb 0/0/1/21357/81360 408 393 - - sDVN 1/1/0/0/0 0/0 "POST /index.php?option=com_comprofiler&view=saveregisters&Itemid=111 HTTP/1.1"

After this, I get the connection was reset error. Looking for logs on the Joomla server next...

OK - I turned on logging as requested. I'm getting the following constantly:

Deprecated: explode(): Passing null to parameter #2 ($string) of type string is deprecated in /var/www/html/components/com_comprofiler/plugin/user/plug_cbautoactions/cbautoactions.php on line 50

I also turned off spoof checking as suggested. Doesn't seem to have impacted anything. I'll also search other parameters in Joomla to see if anything similar could be causing the problem.

Hope this is helpful!

Some additional info and behavior. This leads me to believe there is something with the sign-up page that is causing the problem. What I did was to bypass the reverse proxy from the inside using the local IP address of the server. I was able to successfully submit the signup form. I received an activation email as expected. That email included a link to the server using the IP address as opposed to the host name.

I edited that link to change the IP address back to the outside server name, so as to make sure I was going through the reverse proxy, and then submitted that as my activation URL. Success!! The activation link worked and I was then able to login and see things as usual with the new test account.

This tells me the problem is almost assuredly somewhere in the login / sign-up module, and not with the reverse proxy. The question now, is what is happening.

Deprecated: explode(): Passing null to parameter #2 ($string) of type string is deprecated in /var/www/html/components/com_comprofiler/plugin/user/plug_cbautoactions/cbautoactions.php on line 50

PHP 8.1 deprecation notice. Nothing to worry about as it won't cause anything to fail and we're already working on fixing all of these.

That email included a link to the server using the IP address as opposed to the host name.

That's a bit strange. We use the live site URL given to use by Joomla's API. This is either the domain the registration was made on or whatever the value is in configuration.php for live_site. My guess is your bypass test is why it was sent like that.

This tells me the problem is almost assuredly somewhere in the login / sign-up module, and not with the reverse proxy. The question now, is what is happening.

We've nothing specific in our code for proxies. I've never even tried a reverse proxy with Joomla so I've no idea. Try the below edit to disable our spam checks, spoof checks, and HTTPS checks.

IN: /components/com_comprofiler/comprofiler.php
ON: Line 973 - 975
FROM: TO:
My best guess is one of those checks is why it's failing.