Wrong App URL

[SinoBoeckmann]

Hey there,
I'm not sure how this can happen but:

I've setup the .env and changed the APP_URL to an normal domain (so no localhost address inside here).
But.. when I run the docker-compose and load the site... all (!) links in the markup are related to to the localhost:/ address (see screenshot below).

My setup is:

• This docker-container
• NGINX on the host machine to proxy the localhost address
• Debian 9, lates docker, latest docker-compose, latest invoiceninja repo-release

So... in theory:

InvoiceNinja-Nginx Container is running at Port 80 and through the docker-compose config file forward it to the host at port 8002 so that I can proxy_pass this via the nginx installation on the host to any domain I want or at least to that one I defined in APP_URL?

I'm just a bit confused... so... maybe someone can explain me why InvoiceNinja is not using the APP_URL instead of the URL provided by InvoiceNinja-Nginx Container

(And yes, I tried this multiple time while deleting everything, removing all docker images etc
)

I added an screenshot to may, clarify it a bit more:

[hillelcoren]

The APP_URL value is only used in cases where the site is accessed without a browser. ie, when running artisan console commands.

[SinoBoeckmann]

Okay!
And why is the URL then "hardcoded/ hardlinked" in the markup and not just relative to the domain?

Is there a way to change this? Or at least to change it once to another domain name?

[hillelcoren]

Sorry, I'm not sure how to change this. It's probably related to using a proxy.

[SinoBoeckmann]

So... I got it. Somehow.
I needed to add the following lines to my proxy_pass in nginx (host)

proxy_redirect off; proxy_set_header Host $Host

But then I had the problem, that internally in laraval/ symfony the asset-method still get me http links instead of https so unfortunately I needed to change the routes/web.php and add

if (env('APP_ENV') === 'production') { URL::forceSchema('https'); }

on top of this file.
(https://laracasts.com/discuss/channels/laravel/how-i-can-force-all-my-routes-to-be-https-not-http?page=1)

Maybe, it is possible to add this URL::forceSchema('https'); to the repo of invoiceninja if the checkbox (use ssl/tls) is checked in the invoiceninja setup progress!

[hillelcoren]

Thanks for sharing the solution!

You can add REQUIRE_HTTPS=true to the .env file to require HTTPS

[SinoBoeckmann]

With REQUIRE_HTTPS=true I'm getting a "too many redirects".

I'm not sure yet what is redirecting so often. I will have a look into this later!

[hillelcoren]

Maybe this will help:
https://www.invoiceninja.com/forums/topic/ssl-too-many-redirects/#post-8578

Also, you may need to configure the trusted proxies:
http://docs.invoiceninja.com/en/latest/configure.html#using-a-proxy

[SinoBoeckmann]

@hillelcoren
It is this file:44 that causes the redirects... but I'm not sure why and nor I'm that into Symfony/ Laravel to know where Redirect::secure is come form.

https://github.com/invoiceninja/invoiceninja/blob/3cbf29afad95585e9642775d3d1244460e024a9c/app/Http/Middleware/StartupCheck.php

[SinoBoeckmann]

I will have a look into that urls... but beside that. Even when I remove this trigger the internal links are not delivered as https as like URL::forceSchema('https'); does!

[hillelcoren]

Yes, that's the relevant code.

Not sure...

[lalop]

hey @SinoBoeckmann maybe you should add your proxy as a trusted one https://github.com/invoiceninja/invoiceninja/blob/master/.env.example#L36

[Mzngit]

@SinoBoeckmann For those of us who are newbies, where in the nginx.conf file is your line (prox redirect) line get added?
Also, do you think it has any relevance to the problem in issue #62 relating to Upgrade?
Thanks.

[SinoBoeckmann]

@Mzngit This is just a "normal" nginx/ "vhost" configuration:
Here is in full grace:

# 1. force the website to be https
server {
	listen 80;
	listen [::]:80;

	server_name domain.name;
	return 301 https://domain.name$uri$is_args$args;
}

# 2. the actual config with the proxy
server {

	listen 443 ssl;
	listen [::]:443 ssl;

	ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;

	server_name domain.name;

	location / {
		proxy_set_header        Host $host;
		proxy_set_header        X-Real-IP $remote_addr;
		proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header        X-Forwarded-Proto $scheme;

		# Fix the “It appears that your reverse proxy set up is broken" error.
		proxy_pass		http://127.0.0.1:8858;
		proxy_read_timeout	90;
		#proxy_redirect		http://localhost:8858 https://domain.name;
	}
}

Within this config it is working well.
But there are some other issues with this docker repo here and the Dockerfile!

I will open a pull request later this week with some fixes to the system. :)

[SinoBoeckmann]

Ah ... and @lalop. I tried the trusted proxy config as you mentioned. But this wasn't working either.
There is something in this case that I'm missing and I will figure it out! :)

[lalop]

@SinoBoeckmann did you find any explanation ?