Container behind reverse proxy forwards to localhost
merspieler opened this issue · 17 comments
I've got the container running with -p 8084:8080.
Traffic goes through an apache2 web server which handles ssl.
This works initially but at times I get forwarded to https://localhost:8084/ instead of my domain.
Editing the url, replacing localhost:8084 with the domain gets me to that site but on some actions I get redirected again to localhost:8084.
BASE_URL is set to https://survey.<my.domain>
Apache2 config:
    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerName survey.my.domain
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html
            ErrorLog ${APACHE_LOG_DIR}/lime-mer-error.log
            CustomLog ${APACHE_LOG_DIR}/lime-mer-access.log combined
            SSLEngine on
            SSLCertificateFile /etc/letsencrypt/live/survey.my.domain/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/survey.my.domain/privkey.pem
            ProxyPass "/" "http://localhost:8084/" connectiontimeout=5 timeout=30
            ProxyPassReverse "/" "http://localhost:8084/"
            # LetsEncrypt ACME
            <Location /.well-known>
                ProxyPass !
            </Location>
        </VirtualHost>
    </IfModule>
What am I doing wrong?
Hi, have you tried also setting the PUBLIC_URL variable to https://survey.<my.domain>?
I didn't before as the description said something about scripts (Public URL for public scripts) so I wasn't sure.
Adding it didn't help tho, I keep getting redirected.
I even wiped the database in case something did persist in there but no luck.
Ok, another thing could be the Alias in the Apache config inside the Container. The docker-compose.traefik.yml has an example for that:
    volumes:
      # Unfortunately the StripPrefix Function in Traefik won't work;
      # Meaning, we will have to set 'Alias /limesurvey "/var/www/html"' in the Apache Config
      - "./examples/apache-example.conf:/etc/apache2/sites-available/000-default.conf:ro"
You can find the apache-example.conf in this repo.
Not sure how an alias should help me as it's already located at the document root.
Tried it anyways with Alias / "/var/www/html" but no change as I expected.
Hi, I just added an example on a new branch: https://github.com/martialblog/docker-limesurvey/tree/docs/apache-proxy
It is somewhat working, however we run into an old issue in which the application doesn't know it's behind a proxy: #49 when you call the /admin area.
I'll try some more the coming days, if you have any progress let me know.
Thanks.
Since you said it only affects the admin area, I went ahead with that inconvenience and created the small survey I needed just now.
Participating in the survey works without that issue.
Would be great tho if it'd fully work in the future.
Thanks for your work.
Hi everyone!
Had the same issue running the fpm version behind a nginx reverse proxy.
Setting the PUBLIC_URL and BASE_URL variables didn't work.
The solution I found was adding the HTTP_HOST fastcgi_param in the nginx.conf file that the docker-compose service uses.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param HTTP_HOST <my.domain>;
    }
Hopefully this will be helpful.
@jimartinezabadias Your hint was on point!
In Apache the ProxyPreserveHost On option can be used and it works.
Thanks a lot! This issue has been open for a while.
> Hi everyone! Had the same issue running the fpm version behind a nginx reverse proxy. Setting the PUBLIC_URL and BASE_URL variables didn't work.
> The solution I found was adding the HTTP_HOST fastcgi_param in the nginx.conf file that the docker-compose service uses.
>
>     location ~ \.php$ { include fastcgi_params; fastcgi_param HTTP_HOST <my.domain>; }
>
> Hopefully this will be helpful.
I am running into the exact same problem. Could you post your complete (sanitized) nginx config?
@Kartoffelhumpen I updated the nginx.conf in the examples folder. Can you try this one and see if it works?
https://github.com/martialblog/docker-limesurvey/blob/master/examples/nginx.conf
Unfortunately this does not work at all. I'm getting a 500 internal Server Error
Nginx Error-Log:
2023/03/20 15:43:37 [error] 8#8: *16 rewrite or internal redirection cycle while internally redirecting to "index.php", client: <My IP>, server: <FQDN>, request: "GET / HTTP/1.1", host: "<FQDN>:8080"
@Kartoffelhumpen I just tried to recreate the issue with the docker-compose.fpm.alpine.yml from the repo, with my.survey.localhost as an example domain pointing to localhost.
As far as I can tell this works as expected.
Can you give some details on how you run the Container and what the Reverse Proxy config looks like?
I tried again all morning and still got the same result. I also used fpm.alpine version.
My domain is: survey.my.example.com
Compose file:
    version: '2.0'
    # networks
    # create a network 'limenetwork_compose' in mode 'bridged'
    networks:
      limenetwork_compose:
        driver: bridge
    # services
    services:
      # mariadb
      mariadb:
        image: mariadb:10.7.8
        container_name: limesurvey_mariadb
        restart: always
        volumes:
          - /opt/limesurvey/database:/var/lib/mysql
        networks:
          limenetwork_compose:
        environment:
          - "MYSQL_USER=limesurvey"
          - "MYSQL_DATABASE=limesurvey"
          - "MYSQL_PASSWORD=changeme"
          - "MYSQL_ROOT_PASSWORD=changeme"
      limesurvey:
        build: .
        volumes:
          - /tmp/upload/surveys:/var/www/html/upload/surveys
          - lime:/var/www/html
        links:
          - mariadb
        depends_on:
          - mariadb
        environment:
          - "DB_HOST=mariadb"
          - "DB_PASSWORD=changeme"
          - "ADMIN_PASSWORD=changeme"
          - "DB_TABLE_PREFIX=limesurvey"
        networks:
          limenetwork_compose:
      lime-web:
        image: docker.io/nginx:alpine
        links:
          - limesurvey
        depends_on:
          - limesurvey
        ports:
          - "443:443"
        volumes:
          - ./nginx.conf:/etc/nginx/nginx.conf:ro
          - /etc/containers/limesurvey/certs/:/etc/nginx/certs/
          - lime:/var/www/html
        networks:
          limenetwork_compose:
    volumes:
      lime:
Nginx Config:
    worker_processes 1;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;
    events {
        worker_connections 1024;
    }
    http {
        server {
            listen 443 ssl http2;
            server_name survey.my.example.com;
            ssl_certificate /etc/nginx/certs/crt.pem;
            ssl_certificate_key /etc/nginx/certs/key.pem;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_prefer_server_ciphers on;
            ssl_ciphers "HIGH:!aNULL:!MD5;";
            ssl_ecdh_curve secp384r1;
            ssl_session_cache shared:SSL:10m;
            ssl_session_tickets off;
            ssl_stapling off;
            ssl_stapling_verify off;
            index index.php;
            set $host_path "/var/www/html";
            include /etc/nginx/mime.types;
            root /var/www/html;
            charset utf-8;
            location / {
                try_files $uri /index.php?$args;
            }
            location ~ ^/(protected|application|framework|themes/\w+/views) {
                deny all;
            }
            location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
                try_files $uri =404;
            }
            location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(.*)$;
                try_files $uri index.php;
                include fastcgi_params;
                fastcgi_index index.php;
                fastcgi_pass limesurvey:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param SCRIPT_NAME $fastcgi_script_name;
                # For Subdomains like https://survey.example.com
                fastcgi_param HTTP_HOST survey.my.example.com;
            }
        }
    }
Some result: https://survey.my.example.com works fine. Opening https://survey.my.example.com/admin redirects to http://limesurvey/admin/
I used your nginx.conf (without SSL) and the docker-compose.fpm.alpine.yml from the repo. survey.my.example.com/admin worked alright.
Maybe there are some old Containers/Volumes or config lying around and being used? Maybe exec into the Containers and see what files are being used.
I also tried again with a completely new installation.
Opening https://survey.my.example.com/admin still does not work after the initial deployment.
But: when I use the complete URL https://survey.my.example.com/index.php/admin/authentication/sa/login everything works as expected and I can log in without any problems.
After logging in the redirect for https://survey.my.example.com/admin also works.
Looks like some kind of limesurvey .htaccess problem or something similar.
In short: works for me
Interesting. Thanks for the feedback
Since we now have some more insight on this issue and have some working examples, I will close this issue.
Thanks everyone for the help and for your feedback!
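Both fixes in this thread (ProxyPreserveHost On in Apache, fastcgi_param HTTP_HOST in nginx) change the host name the backend receives. The Python check below is an added example, not code from the thread or from the docker-limesurvey project: it assumes the application builds redirect targets from the Host header it is given, uses a constructed stand-in backend that does exactly that, and reports whether the resulting Location header leaves the public host name. The names HostEchoBackend, redirect_host and check are hypothetical.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


class HostEchoBackend(BaseHTTPRequestHandler):
    """Constructed stand-in for the app: redirects using the Host it received."""

    def do_GET(self):
        host = self.headers.get("Host", "")
        self.send_response(302)
        self.send_header("Location", f"http://{host}/admin/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def redirect_host(port, host_header, path="/admin"):
    """Send one request with an explicit Host header, return the Location host."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.putrequest("GET", path, skip_host=True)
    conn.putheader("Host", host_header)
    conn.endheaders()
    resp = conn.getresponse()
    resp.read()
    location = resp.getheader("Location", "")
    conn.close()
    return urlsplit(location).netloc


def check(public_host, forwarded_host):
    """forwarded_host is the Host value the proxy hands to the backend."""
    server = HTTPServer(("127.0.0.1", 0), HostEchoBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        seen = redirect_host(server.server_port, forwarded_host)
    finally:
        server.shutdown()
        server.server_close()
    return {"location_host": seen, "leaks_internal_name": seen != public_host}


if __name__ == "__main__":
    # Backend name from the ProxyPass target, as in the first post
    print(check("survey.my.domain", "localhost:8084"))
    # Host preserved, as with ProxyPreserveHost On
    print(check("survey.my.domain", "survey.my.domain"))
```

Against a real deployment the same comparison can be made by requesting /admin through the proxy without following redirects and checking the host in the Location header.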