LDAP login results in auth-success with a Test message but no homepage #462

Closed
carlsonp opened this issue Oct 12, 2023 · 2 comments

@carlsonp

We had a running and successfully set up version of ShinyProxy 3.0.1 set up with LDAP as our authentication. We upgraded to 3.0.2. Now when we log in, it goes to the following URL: https://ourserver.com/auth-success, with a message on the screen of Test. It does not redirect properly to the main page. If we adjust the URL and take off auth-success, it loads up and we can see the main page with a list of the Shiny applications to run. There are no error messages in the Docker log file.

We also have nginx set up as a reverse proxy. Our nginx.conf file looks like this:

```nginx
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}


http {
	# make log files visible in browser and not force you to download them
	types {
		text/plain log;
	}

	server {
		listen                80;
		rewrite     ^(.*)     https://$host$1 permanent;
	}

	# port forward to Shiny
	# use `nginx -t` to test
	# https://lukesingham.com/shiny-containers-with-shinyproxy/
	# https://shinyproxy.io/documentation/security/
	server {
		listen 443 ssl;
		ssl_certificate /usr/local/share/ca-certificates/certificate.crt;
		ssl_certificate_key /usr/local/share/ca-certificates/private.key;

		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

		error_page 502 /custom_502.html;
		location = /custom_502.html {
			root /usr/share/nginx/html;
			internal;
			add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
		}

		location / {
			proxy_pass http://shinyproxy:8080;
			proxy_http_version                    1.1;
			proxy_set_header Upgrade              $http_upgrade;
			proxy_set_header Connection           "upgrade";
			proxy_read_timeout                    600s;
			proxy_redirect                        off;
			proxy_set_header Host                 $http_host;
			proxy_set_header X-Real-IP            $remote_addr;
			proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Protocol $scheme;

			add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
		}

		# container log files
		location /container-logs/ {
			alias /container-logs/;
			autoindex on;
			add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
		}
	}

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log debug;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}
```

I don't see any error messages in the Docker nginx logs.

Does anyone have any suggestions on what to try? I didn't notice anything in the release notes that would indicate any config changes to make for LDAP. Thanks

@LEDfan
Member

LEDfan commented Oct 12, 2023

Hi
I think this is a similar issue as #435

Can you try changing this line in your config:

```nginx
proxy_set_header X-Forwarded-Protocol $scheme;
```

to

```nginx
proxy_set_header  X-Forwarded-Proto $scheme;
```

(see https://shinyproxy.io/documentation/security/#https-ssl--tls )

Next you'll have to add the following configuration to ShinyProxy (on the root level of the configuration file, not nested under proxy):

```yaml
server:
  forward-headers-strategy: native
```

@carlsonp
Author

Thank you so much! This fixed the issue, cheers.
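A config check for the header mismatch resolved in this thread, as an added example that is not part of the issue and is not ShinyProxy code: it walks an nginx config and reports every block with `proxy_pass` that does not send `X-Forwarded-Proto`, applying nginx's rule that `proxy_set_header` directives are inherited from the enclosing level only when the current level defines none. The sample config is constructed from the one posted above; the parser is simplified, assumes a config that passes `nginx -t`, and does not follow `include` files.

```python
import re

# Constructed sample, trimmed from the nginx.conf posted in the issue.
SAMPLE = """
http {
  server {
    location / {
      proxy_pass http://shinyproxy:8080;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Protocol $scheme;  # name used before the fix
    }
  }
}
"""
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def parse(text):
    """Build a tree of blocks; each has a header, its directives and child blocks."""
    root = {"head": ["main"], "dirs": [], "kids": []}
    stack, words = [root], []
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", text)):  # comments stripped first
        if tok == ";":
            stack[-1]["dirs"].append(words)
            words = []
        elif tok == "{":
            block = {"head": words, "dirs": [], "kids": []}
            stack[-1]["kids"].append(block)
            stack.append(block)
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return root

def audit(block, inherited=frozenset(), path=()):
    """Return (block path, message) for each proxying block lacking X-Forwarded-Proto."""
    own = {d[1].lower() for d in block["dirs"] if d[0] == "proxy_set_header" and len(d) > 2}
    headers = own or inherited  # nginx inherits these only if this level sets none
    path = path + (" ".join(block["head"]),)
    findings = []
    if any(d[0] == "proxy_pass" for d in block["dirs"]) and "x-forwarded-proto" not in headers:
        seen = " (X-Forwarded-Protocol is set instead)" if "x-forwarded-protocol" in headers else ""
        findings.append((" > ".join(path), "missing X-Forwarded-Proto" + seen))
    for kid in block["kids"]:
        findings += audit(kid, headers, path)
    return findings

if __name__ == "__main__":
    print(*(f"{w}: {m}" for w, m in audit(parse(SAMPLE))), sep="\n")
```

Running it against a config before an upgrade flags `location` blocks that set some headers of their own and therefore silently drop an `X-Forwarded-Proto` defined at the `server` or `http` level.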
