Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with Reverse Proxies and Disable External Access #2404

Closed
liaralabs opened this issue Jan 11, 2018 · 3 comments
Closed

Issue with Reverse Proxies and Disable External Access #2404

liaralabs opened this issue Jan 11, 2018 · 3 comments
Labels
Confirmed

Comments

@liaralabs
Copy link

Jackett version: 0.8.578.0
Mono version (if not using Windows): 5.4.1.6

Hey there, dev of swizzin here. I have included the jackett package in my scripts and a user reported to me today that downloads on manual searches are not functional and instead report a download link of https://127.0.0.1:9117 rather than the host.

A bit of info about the setup:
Running reverse proxy through nginx
Jackett baseurl: /jackett
External access: disabled
With proxy_set_header Host $proxy_host;

Clearly after a bit of searching, the fix to the issue is to change

proxy_set_header Host $proxy_host;

to

proxy_set_header Host $host;

in the nginx configuration for jackett. I have confirmed that indeed the URL does change to the proper host when using this method. However, only when external access is enabled.

As soon as I disable remote access, I am no longer able to access Jackett using the $host header rather than the $proxy_host header. I receive the error:

Bad Request (Invalid host)

Clearly this is because the the request now appears to be coming from the host rather than the 127.0.0.1 proxy and access is being denied based on that header.

Would it be possible to implement a flag to Disable Host Checks so that proxies may continue to function using the $host header, but access is denied externally to anyone attempting to access jackett via IP and port?

This appears to be something to do with Mono as both Sonarr and Radarr behave in similar ways as soon as remote access is disabled.
@liaralabs liaralabs mentioned this issue Jan 11, 2018
Closed
@kaso17
Copy link
Collaborator

kaso17 commented Jan 13, 2018
edited

Can confirm this, looks like a mono specific issue (no problem on windows).
See e.g. https://stackoverflow.com/questions/23206570/httplistener-running-on-ubuntu-mono-returns-400-bad-request
I can't find a simple solution for this (besides enabling external access).
I hope using ASP .NET CORE (see #1680) will fix this.

@liaralabs
Copy link
Author

Thanks for taking a look at this and confirming. Hopefully this will change in the future if/when Jackett sheds its dependency on mono 🙂

Until then, I'll look into ways I can configure the admin password automatically as this is main issue with leaving remote access enabled in a reverse proxy setup.

@userdocs userdocs mentioned this issue Mar 10, 2018
Closed
@liaralabs
Copy link
Author

Good news: this seems to have fixed itself with the update to the kestrel web server. I am no longer required to set the host header to $proxy_host to get this working with external access disabled. 👍

@kaso17 kaso17 closed this as completed Aug 19, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kaso17 @liaralabs