Unable to log into instance behind reverse proxy #1146

Closed
mirabellette opened this Issue May 25, 2018 · 6 comments

4 participants

mirabellette commented May 25, 2018

Hello,

I think I am experiencing the same issue described here #1130.

My configuration is the following:
public url: example.com
reverse proxy apache 2.4 virtual machine ip: 192.168.1.1
virtual machine has Shaarli, which listens on port 80

When I connect to Shaarli through 192.168.1.1:80, I am able to log in successfully.
When I connect to Shaarli through example.com, I am not able to log in with the same credentials.

Moreover, to do the installation, when I delete data/config.json.php and reload from example.com, I am redirected to 192.168.1.1 until I finish configuring it successfully. I got an error message about the PHP session, but if I say try again I am able to configure it.

When it is finally configured, I can now access it from example.com and 192.168.1.1, but login works only from 192.168.1.1.

I set "session_protection_disabled": false, to true but it doesn't change anything.

  • same result with Firefox60 and chromium

Member

ArthurHoaro commented May 25, 2018

Hi, I suspect there is an issue with your web servers' configuration.

Can you:

  • post both virtual host configurations
  • create a tmp.php file in Shaarli's root directory containing:
<?php var_dump($_SERVER);

You can obfuscate the real domain as long as it stays coherent. :)

@ArthurHoaro ArthurHoaro added this to Awaiting user feedback in Support May 25, 2018

Author

mirabellette commented May 26, 2018

I didn't know about $_SERVER, thank you :)

I did it and it appears that ["HTTP_COOKIE"] is not sent when I am connecting from example.com.
I did it when I was logged off but the cookie was still here.
I have no value in cookie from example.com, contrary to 192.168.1.1.
I also can't create a new link from example.com even though I set Shaarli as open in the configuration. I got a token error.

I am not sure it was from my side. I use the same reverse proxy configuration for a lot of different services with cookies, like Nextcloud or Pluxml, and I have no errors.

Thank you for your help :)

array(35) {
["HTTP_HOST"]=> string(14) "192.168.1.1"
["HTTP_USER_AGENT"]=> string(76) "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
["HTTP_ACCEPT"]=> string(63) "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
["HTTP_ACCEPT_LANGUAGE"]=> string(14) "en-US,en;q=0.5"
["HTTP_ACCEPT_ENCODING"]=> string(17) "gzip, deflate, br"
["HTTP_DNT"]=> string(1) "1"
["HTTP_UPGRADE_INSECURE_REQUESTS"]=> string(1) "1"
["HTTP_CACHE_CONTROL"]=> string(9) "max-age=0"
["HTTP_X_FORWARDED_FOR"]=> string(9) "1.2.3.4"
["HTTP_X_FORWARDED_HOST"]=> string(16) "example.com"
["HTTP_X_FORWARDED_SERVER"]=> string(16) "example.com"
["HTTP_CONNECTION"]=> string(10) "Keep-Alive"
["PATH"]=> string(60) "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
["SERVER_SIGNATURE"]=> string(75) " Apache Server at 192.168.1.1 Port 80 "
["SERVER_SOFTWARE"]=> string(22) "Apache"
["SERVER_NAME"]=> string(14) "192.168.1.1"
["SERVER_ADDR"]=> string(14) "192.168.1.1"
["SERVER_PORT"]=> string(2) "80"
["REMOTE_ADDR"]=> string(9) "1.2.3.4"
["DOCUMENT_ROOT"]=> string(16) "/var/www/shaarli"
["REQUEST_SCHEME"]=> string(4) "http"
["CONTEXT_PREFIX"]=> string(0) ""
["CONTEXT_DOCUMENT_ROOT"]=> string(16) "/var/www/shaarli"
["SERVER_ADMIN"]=> string(19) "webmaster@localhost"
["SCRIPT_FILENAME"]=> string(24) "/var/www/shaarli/tmp.php"
["REMOTE_PORT"]=> string(5) "47640"
["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1"
["REQUEST_METHOD"]=> string(3) "GET"
["QUERY_STRING"]=> string(0) ""
["REQUEST_URI"]=> string(8) "/tmp.php"
["SCRIPT_NAME"]=> string(8) "/tmp.php"
["PHP_SELF"]=> string(8) "/tmp.php"
["REQUEST_TIME_FLOAT"]=> float(1527302890.607)
["REQUEST_TIME"]=> int(1527302890) } 

--------- from 192.168.1.1

array(32) {
["HTTP_HOST"]=> string(14) "192.168.1.1"
["HTTP_USER_AGENT"]=> string(76) "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
["HTTP_ACCEPT"]=> string(63) "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
["HTTP_ACCEPT_LANGUAGE"]=> string(14) "en-US,en;q=0.5"
["HTTP_ACCEPT_ENCODING"]=> string(13) "gzip, deflate"
["HTTP_COOKIE"]=> string(34) "shaarli=q9tl153jvj9knq5fc4ki1plmc0"
["HTTP_DNT"]=> string(1) "1"
["HTTP_CONNECTION"]=> string(10) "keep-alive"
["HTTP_UPGRADE_INSECURE_REQUESTS"]=> string(1) "1"
["PATH"]=> string(60) "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
["SERVER_SIGNATURE"]=> string(75) " Apache  Server at 192.168.1.1 Port 80 "
["SERVER_SOFTWARE"]=> string(22) "Apache"
["SERVER_NAME"]=> string(14) "192.168.1.1"
["SERVER_ADDR"]=> string(14) "192.168.1.1"
["SERVER_PORT"]=> string(2) "80"
["REMOTE_ADDR"]=> string(13) "192.168.1.5"
["DOCUMENT_ROOT"]=> string(16) "/var/www/shaarli"
["REQUEST_SCHEME"]=> string(4) "http"
["CONTEXT_PREFIX"]=> string(0) ""
["CONTEXT_DOCUMENT_ROOT"]=> string(16) "/var/www/shaarli"
["SERVER_ADMIN"]=> string(19) "webmaster@localhost"
["SCRIPT_FILENAME"]=> string(24) "/var/www/shaarli/tmp.php"
["REMOTE_PORT"]=> string(5) "49248"
["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1"
["REQUEST_METHOD"]=> string(3) "GET"
["QUERY_STRING"]=> string(0) ""
["REQUEST_URI"]=> string(8) "/tmp.php"
["SCRIPT_NAME"]=> string(8) "/tmp.php"
["PHP_SELF"]=> string(8) "/tmp.php"
["REQUEST_TIME_FLOAT"]=> float(1527302752.48)
["REQUEST_TIME"]=> int(1527302752) } 

--------- virtual host

virtual machine

<VirtualHost 192.168.1.1:80>
        ServerName example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/shaarli

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

reverse proxy configuration

<VirtualHost 5.5.5.5:443>
        ServerName example.com
        ServerAdmin admin@example.com

        ErrorLog ${APACHE_LOG_DIR}/example.com/error.log
        CustomLog ${APACHE_LOG_DIR}/example.com/access.log combined

        SSLEngine on

        ProxyPass / http://192.168.1.1:80/
        ProxyPassReverse / http://192.168.1.1:80/

        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

Member

ArthurHoaro commented May 26, 2018

I'm not sure what's causing the issue, and I don't have much time to run an Apache config test right now, but I think that your issue is that when you're connecting through example.com the SERVER_NAME is wrong.

["SERVER_NAME"]=> string(14) "192.168.1.1"

It should be example.com, otherwise the cookie gets attached to the wrong domain, and does not apply.

Member

nodiscc commented May 26, 2018

@mirabellette Have you tried setting

<VirtualHost *:80>

instead of the IP address in the VM's apache configuration? Otherwise you should probably investigate settings in https://httpd.apache.org/docs/2.4/mod/mod_proxy.html. Unfortunately not much time to reproduce your setup right now.

@virtualtam virtualtam added the proxy label May 29, 2018

Author

mirabellette commented May 29, 2018

You were right, the error was about the web server configuration with the reverse proxy. It didn't correctly transmit the server name host to the virtual machine.

To fix it, you should add this parameter to the Apache2 configuration.
ProxyPreserveHost On

Thank you very much for your help and sorry for the inconvenience.
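
The comparison made by hand in this thread, as an added example (not code from Shaarli or from any of the posters): it parses a pasted var_dump($_SERVER) and flags a backend whose HTTP_HOST or SERVER_NAME differs from the X-Forwarded-Host recorded by the proxy, which is the symptom that ProxyPreserveHost On removes. The function names and both sample dumps are constructed for illustration.

```python
import re

# One string entry of a pasted var_dump($_SERVER), e.g.
#   ["HTTP_HOST"]=> string(14) "192.168.1.1"
ENTRY = re.compile(r'\["([A-Z0-9_]+)"\]=>\s*string\(\d+\)\s*"(.*?)"\s*$')

def parse_var_dump(text):
    """Return {key: value} for the string entries of a var_dump($_SERVER) paste."""
    found = (ENTRY.search(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def hostname(value):
    """Lower-case host without a :port suffix (IPv6 literals are not handled)."""
    return value.split(":")[0].strip().lower()

def diagnose(server):
    """List reverse-proxy symptoms visible in the backend's $_SERVER."""
    forwarded = server.get("HTTP_X_FORWARDED_HOST")
    if forwarded is None:
        return []  # no proxy header, nothing to compare against
    # With chained proxies the header is a comma-separated list; first = client's Host.
    public = hostname(forwarded.split(",")[0])
    findings = [
        f"{key} is {server.get(key, '')!r}, client requested {public!r}"
        for key in ("HTTP_HOST", "SERVER_NAME")
        if hostname(server.get(key, "")) != public
    ]
    if "HTTP_COOKIE" not in server:
        findings.append("request carried no Cookie header")
    return findings

# Constructed samples, shortened from the kind of dump posted in this thread.
VIA_PROXY = '''
["HTTP_HOST"]=> string(11) "192.168.1.1"
["HTTP_X_FORWARDED_HOST"]=> string(11) "example.com"
["SERVER_NAME"]=> string(11) "192.168.1.1"
'''
# Same request once the backend sees the public host and the session cookie.
HOST_PRESERVED = '''
["HTTP_HOST"]=> string(11) "example.com"
["HTTP_COOKIE"]=> string(17) "shaarli=SESSIONID"
["HTTP_X_FORWARDED_HOST"]=> string(11) "example.com"
["SERVER_NAME"]=> string(11) "example.com"
'''

if __name__ == "__main__":
    for label, dump in (("via proxy", VIA_PROXY), ("host preserved", HOST_PRESERVED)):
        print(label, diagnose(parse_var_dump(dump)) or "ok")
```
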

Member

ArthurHoaro commented May 29, 2018

I'm glad you were able to fix your issue. I'm reopening this because the documentation should mention this ProxyPreserveHost directive.
