Login redirects to port 10000 #976
Comments
What is your setup? Do you use SSL? |
if you use reverse proxy, you have to tell it webmin also, see: Try adding the line "webprefixnoredir=1" to /etc/webmin/config. |
Pretty sure gnadelwartz suggestion is all that's needed here, so closing this ticket. |
After adding "webprefixnoredir=1" to /etc/webmin/config didn't fix it for me, after restarting and clearing all caches I'm still getting redirects to |
Is it happening behind Apache? If you globally set Gray Theme (including login prompt, using Webmin/Webmin Configuration/Themes), will it still do redirect? |
Nick, actually latest Webmin version (1.920+) that ships latest Authentic Theme 19.36+ actually might handle things correctly without being it set Can you try to make sure that you're running at least Authentic Theme 19.36, then set it by default (including login screen) and change Does it help? |
It's also assumed that |
I tried both 0 and 1, no luck. Haven't tried the new version yet though, thanks for the help so far! |
What are your Webmin and Authentic Theme versions? |
I have the same problem. Operating system | CentOS Linux 7.6.1810 I tried: |
Check your Apache proxy and do not set ProxyPreserveHost On directive (other proxies should have familiar option), it will cause redirect after login problem. If you want to log real IP, use |
I have the same issue using caddy, I tried every configuration possible, nothing helped. When I login it redirects to domain:port_number. This is my caddy config. I disable SSL until I fix the issue, otherwise I get banned by let's encrypt.

# WebMin
webmin.com:80 {
    tls off
    tls email@gmai.com
    proxy / http://127.0.0.1:10000 {
        transparent
    }
    log stdout
    errors stdout
    header / {
        Strict-Transport-Security "max-age=31536000;"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
    }
} |
It has been fixed a long time ago. Have you read this? #1135 (comment)
Webmin doesn't automatically change it. Check your proxy config. |
What have you tried? What Webmin version are you using? |
If you downgrade the package to Webmin 1.942 for testing purposes - does it work then any differently, if so, how exactly? You can easily downgrade running the following command:
|
Keep it then, if you're not sure what to do.
I don't think we ever remove this feature the way, so anyone could just login. 🙂 |
We fixed that and all others seemed to be able to configure it and were happy about it. There are plenty of people here who use Traefik, go ahead and ask them first, if they experience the same issue.
Assuming that you're running Traefik and Webmin on the same server it is not that insecure, in case initial connection between you and your proxy is in SSL.
Most of the time, we don't feel that, unfortunately.
I wonder what would you say if you are mis-configuring something?
While you could, we have to.
Why does it work perfectly fine with Apache proxy?
Think why this is happening in one type of auth and doesn't in the other, and share your ideas.
We don't take it personal, it's just personalities who work and support it in the end, no matter what. |
@user897943 2FA is false security! If someone wants to get into your system they can pay $50 to a cell phone agent and have your telephone number ported to another provider. The attacker can then get the 2FA code and enter into the system. In other words, 2FA is only as secure as the service provider. See the recent Telus/Koodo leak that occurred in Canada where someone was able to get access to a copy of their customer database via a trusted third party. All the security in the world won't do a damn thing if you have a weak link in the chain. Good luck with your 'security'. |
@user897943 It's great that you used your imagination to think that I wasn't aware of the existence of 2FA apps. |
Have a good rest of day. |
We will consider that you are simply spamming. Any software is considered to be secure until proven otherwise! The fact that you cannot configure services correctly doesn't make them insecure. We are always taking security issues seriously and patch any found proof issues urgently. If you believe there is a security issue, email us privately to security@ email address, with steps to reproduce an issue, and we will surely be able to fix that as soon as possible or/and even be able to reward your efforts! |
When using Webmin behind a reverse proxy like nginx the login screen redirects to url.com:10000 instead of url.com after a successful login.
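A check for the symptom described in this issue, as an added example that is not part of the original thread or of Webmin's code: it pulls the Location header out of a captured login response and reports whether the redirect leaves the proxy's public origin. The response text is constructed, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample of the response head a browser receives after login.
SAMPLE_RESPONSE = (
    "HTTP/1.0 302 Moved Temporarily\r\n"
    "Location: https://url.com:10000/\r\n"
    "Set-Cookie: sid=constructed; path=/\r\n"
    "\r\n"
)


def location_header(raw_response_head):
    """Return the Location value from a raw response head, or None."""
    for line in raw_response_head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def classify_redirect(public_url, location, backend_port=10000):
    """Classify a redirect as seen by a client that requested public_url."""
    target = urljoin(public_url, location)  # resolves relative redirects
    pub, tgt = origin(public_url), origin(target)
    if tgt == pub:
        return "ok"                     # stays on the proxy's origin
    if tgt[2] == backend_port:
        return "backend-port"           # the behaviour reported in this issue
    if tgt[1] == pub[1]:
        return "scheme-or-port-change"  # same host, e.g. https -> http
    return "other-host"


if __name__ == "__main__":
    loc = location_header(SAMPLE_RESPONSE)
    print(loc, "->", classify_redirect("https://url.com/", loc))
```

Run it against the response head captured at the proxy's public address after each configuration change; any result other than "ok" means the redirect still points away from the proxy.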