Securing grocy-desktop for the internet with a nginx reverse proxy
Moskus opened this issue · 4 comments
I'm trying to set up access to grocy-desktop. To avoid messing with the pre-configured nginx server, I'd thought I just add another as a reverse proxy.
It's a simple setup with an .htaccess file and a certificate for SSL. This is what I would normally do:
location / {
proxy_set_header Host $host;
proxy_pass http://localhost:4010;
}
This works great with other services, e.g. BarCode Budy has no problems. But not with Grocy for some reason, and I'm sure (and hoping) I'm missing something simple.
If I try to load https://myserver.com:44310 it kind of loads, but there's no CSS and the links are linking to https://localhost:4010/something, or http://myserver.com/something (no SSL and not the correct port), depending on if I set the host header or not.
I also tried
location / {
proxy_set_header Host https://myserver:44310;
proxy_pass http://localhost:4010;
}
... but then I get a "Bad Request"...
Although it should work, grocy-desktop is not really intended to host grocy as a real webserver - if you already run nginx, why not just install grocy as a normal web app (PHP-FPM)?
It's about the grocy config.php setting BASE_URL, grocy-desktop always sets this to just / (here).
Based on this, grocy calculates the used base URL here - so guessing (also based on the example nginx reverse proxy config found here and linked there):
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme
proxy_pass http://localhost:4010;
}
Thanks for the reply!
I'm beginning to realize that although all my friends call me a "huge nerd", I still have plenty to learn. Using grocy-desktop would be the easiest way to get up and running on Windows, as you have already done the heavy lifting! 😊 I even got the Windows Store version, just to have it automatically update... Although I'm not sure that was smart.
Now I try to connect to
https://myserver.com:44310/
... and then I get redirected to:
https://myserver.com/stockoverview
Ah, in the end this worked for me:
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:4010;
}
Great! :)
Will add a link to this on https://grocy.info/links as a reference if anyone tries to do this again.
=> grocy/grocy-website#17