Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Default funkwhale_proxy.conf does'n work with proxy #19

Closed
EliotBerriot opened this Issue Mar 1, 2019 · 1 comment

Comments

Projects
None yet
2 participants
@EliotBerriot
Copy link
Collaborator

EliotBerriot commented Mar 1, 2019

The current funkwhale_proxy.conf is:

# global proxy conf
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_redirect off;

# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

It means it will consider Funkwhale as served behind the server and protocol used to contact the proxy. This works well when the container is exposed directly to the internet.

However, in a client -> reverse proxy -> funkwhale container scenario, this breaks, because if you have proxy_pass http://localhost:5000 in your proxy conf, the values of X-Forwarded-Proto $scheme; and proxy_set_header X-Forwarded-Host $http_host; will respectively be http and localhost, regardless on how the proxy itself is accessed over the internet.

One workaround is to replace this funkwhale_proxy.conf when running the container behind a proxy:

  1. touch /tmp/funkwhale_proxy.conf
  2. Copy the following in that file:
proxy_set_header Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_redirect off;

# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
  1. Stop and remove your Funkwhale container.
  2. Recreate a new one with this additionnal volume instruction: -v /tmp/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf

However, it's far from perfect. I wonder if we can figure a conf that will work for both cases?

@thetarkus

This comment has been minimized.

Copy link
Owner

thetarkus commented Mar 3, 2019

I may have an idea for this but I won't be able to test for a few days (or if it will even work).

Worst case scenario: we have an env variable set like USE_REVERSE_PROXY=true which will use a separate funkwhale_proxy.conf

EliotBerriot added a commit that referenced this issue Mar 20, 2019

thetarkus added a commit that referenced this issue Mar 20, 2019

Merge pull request #21 from thetarkus/proxy-https
Fix #19: added support for nested proxy via the NESTED_PROXY=1 variable
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.