Reverse proxy support error 422
Describe the bug
When starting the server behind a reverse proxy, I get to the login page. Any password entered just clears the fields with no message. Upon closer inspection I see that I get error 422 in the console. I also somehow managed to provoke this page:
Version
Master as of 2024-12-01
Nginx proxy manager with websocket support enabled, pointing to http://192.168.10.25:3000
There is clearly some kind of header rewriting or something that is required here, but I am not sure what? For all other applications I have just enabled reverse proxy and had it immediately work.
Hm, turning off Cloudflare proxy seems to have resolved the issue.
Same issue here, but unable to resolve it.
I tried to change APPLICATION_PROTOCOL in docker-compose.yml for dawarich_app and _sidekiq to https but then sidekiq would never start (I quit the docker compose up -d command after ~300 seconds).
@tonyshangrila what version are you on?
0.20.1
Okay, can you provide logs from your containers upon starting?
Sure. Here is the log for dawarich_app after setting the protocol to https. I can't get a log for the sidekiq container since it doesn't actually start (I think?). Wanted to include as much detail as possible, so sorry for the big block here:
```
Environment: development
dawarich_db (172.31.0.2:5432) open
Fetching rubygems-update-3.5.7.gem
Successfully installed rubygems-update-3.5.7
Installing RubyGems 3.5.7
Successfully built RubyGem
Name: bundler
Version: 2.5.7
File: bundler-2.5.7.gem
Bundler 2.5.7 installed
RubyGems 3.5.7 installed
Regenerating binstubs
Regenerating plugins
RubyGems installed the following executables:
/usr/local/bin/gem
/usr/local/bin/bundle
/usr/local/bin/bundler
RubyGems system software updated
Fetching bundler-2.5.9.gem
Successfully installed bundler-2.5.9
1 gem installed
A new release of RubyGems is available: 3.5.7 → 3.6.1!
Run gem update --system 3.6.1 to update your installation.
Database dawarich_development already exists, skipping creation...
PostgreSQL is ready. Running database migrations...
[dotenv] Set DATABASE_PORT
[dotenv] Loaded .env.development
D, [2024-12-19T18:13:30.370644 #38] DEBUG -- : ActiveRecord::SchemaMigration Load (3.3ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
D, [2024-12-19T18:13:30.411962 #38] DEBUG -- : ActiveRecord::SchemaMigration Load (2.3ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
Running DATA migrations...
[dotenv] Set DATABASE_PORT
[dotenv] Loaded .env.development
D, [2024-12-19T18:13:33.396025 #68] DEBUG -- : (0.3ms) SELECT pg_try_advisory_lock(1212213197400985920)
D, [2024-12-19T18:13:33.400433 #68] DEBUG -- : DataMigrate::DataSchemaMigration Load (3.3ms) SELECT "data_migrations"."version" FROM "data_migrations" ORDER BY "data_migrations"."version" ASC
D, [2024-12-19T18:13:33.408095 #68] DEBUG -- : ActiveRecord::InternalMetadata Load (3.1ms) SELECT * FROM "ar_internal_metadata" WHERE "ar_internal_metadata"."key" = $1 ORDER BY "ar_internal_metadata"."key" ASC LIMIT 1 [[nil, "environment"]]
D, [2024-12-19T18:13:33.409422 #68] DEBUG -- : (0.4ms) SELECT pg_advisory_unlock(1212213197400985920)
D, [2024-12-19T18:13:33.410857 #68] DEBUG -- : DataMigrate::DataSchemaMigration Load (0.3ms) SELECT "data_migrations"."version" FROM "data_migrations" ORDER BY "data_migrations"."version" ASC
Running seeds...
[dotenv] Set DATABASE_PORT
[dotenv] Loaded .env.development
D, [2024-12-19T18:13:36.328635 #81] DEBUG -- : ActiveRecord::SchemaMigration Load (2.3ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
D, [2024-12-19T18:13:36.386079 #81] DEBUG -- : User Exists? (2.1ms) SELECT 1 AS one FROM "users" LIMIT $1 [["LIMIT", 1]]
Starting Foreman with Procfile.dev...
18:13:37 web.1 | started with pid 107
18:13:39 web.1 | => Booting Puma
18:13:39 web.1 | => Rails 7.2.2 application starting in development
18:13:39 web.1 | => Run bin/rails server --help for more startup options
18:13:39 web.1 | [dotenv] Set DATABASE_PORT
18:13:39 web.1 | [dotenv] Loaded .env.development
18:13:40 web.1 | [107] Puma starting in cluster mode...
18:13:40 web.1 | [107] * Puma version: 6.5.0 ("Sky's Version")
18:13:40 web.1 | [107] * Ruby version: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux-musl]
18:13:40 web.1 | [107] * Min threads: 5
18:13:40 web.1 | [107] * Max threads: 5
18:13:40 web.1 | [107] * Environment: development
18:13:40 web.1 | [107] * Master PID: 107
18:13:40 web.1 | [107] * Workers: 2
18:13:40 web.1 | [107] * Restarts: (✔) hot (✖) phased
18:13:40 web.1 | [107] * Preloading application
18:13:40 web.1 | [107] * Listening on http://0.0.0.0:3000
18:13:40 web.1 | [107] Use Ctrl-C to stop
18:13:40 web.1 | [107] - Worker 0 (PID: 119) booted in 0.0s, phase: 0
18:13:40 web.1 | [107] - Worker 1 (PID: 123) booted in 0.0s, phase: 0
18:13:47 web.1 | 2024-12-19 18:13:47 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:13:57 web.1 | 2024-12-19 18:13:57 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:14:07 web.1 | 2024-12-19 18:14:07 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:14:17 web.1 | 2024-12-19 18:14:17 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:14:27 web.1 | 2024-12-19 18:14:27 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:14:37 web.1 | 2024-12-19 18:14:37 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:14:47 web.1 | 2024-12-19 18:14:47 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:14:57 web.1 | 2024-12-19 18:14:57 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:15:08 web.1 | 2024-12-19 18:15:08 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
18:15:18 web.1 | 2024-12-19 18:15:18 +0000 HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
```
Here is also the container log for dawarich_app when trying to log in behind my SSL proxy:
```
20:24:03 web.1 | actionpack (8.0.1) lib/action_dispatch/middleware/server_timing.rb:60:in `call'
20:24:03 web.1 | actionpack (8.0.1) lib/action_dispatch/middleware/executor.rb:16:in `call'
20:24:03 web.1 | actionpack (8.0.1) lib/action_dispatch/middleware/static.rb:27:in `call'
20:24:03 web.1 | rack (3.1.8) lib/rack/sendfile.rb:114:in `call'
20:24:03 web.1 | actionpack (8.0.1) lib/action_dispatch/middleware/host_authorization.rb:143:in `call'
20:24:03 web.1 | railties (8.0.1) lib/rails/engine.rb:535:in `call'
20:24:03 web.1 | puma (6.5.0) lib/puma/configuration.rb:279:in `call'
20:24:03 web.1 | puma (6.5.0) lib/puma/request.rb:99:in `block in handle_request'
20:24:03 web.1 | puma (6.5.0) lib/puma/thread_pool.rb:389:in `with_force_shutdown'
20:24:03 web.1 | puma (6.5.0) lib/puma/request.rb:98:in `handle_request'
20:24:03 web.1 | puma (6.5.0) lib/puma/server.rb:468:in `process_client'
20:24:03 web.1 | puma (6.5.0) lib/puma/server.rb:249:in `block in run'
20:24:03 web.1 | puma (6.5.0) lib/puma/thread_pool.rb:166:in `block in spawn_thread'
20:24:03 web.1 | D, [2024-12-19T20:24:03.289074 #126] DEBUG -- : Rendering layout vendor/bundle/ruby/3.3.0/gems/actionpack-8.0.1/lib/action_dispatch/middleware/templates/rescues/layout.erb
20:24:03 web.1 | D, [2024-12-19T20:24:03.289157 #126] DEBUG -- : Rendering vendor/bundle/ruby/3.3.0/gems/actionpack-8.0.1/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout
20:24:03 web.1 | D, [2024-12-19T20:24:03.332596 #126] DEBUG -- : Rendering vendor/bundle/ruby/3.3.0/gems/actionpack-8.0.1/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
20:24:03 web.1 | D, [2024-12-19T20:24:03.459727 #126] DEBUG -- : Rendering layout layouts/application.html.erb
20:24:03 web.1 | D, [2024-12-19T20:24:03.459802 #126] DEBUG -- : Rendering devise/sessions/new.html.erb within layouts/application
20:24:03 web.1 | I, [2024-12-19T20:24:03.529359 #126] INFO -- : {"method":"GET","path":"/users/sign_in","format":"html","controller":"Devise::SessionsController","action":"new","status":200,"allocations":13305,"duration":73.5,"view":70.18,"db":0.0}
20:24:09 web.1 | I, [2024-12-19T20:24:09.333401 #126] INFO -- : {"method":"GET","path":"/api/v1/health","format":"/","controller":"Api::V1::HealthController","action":"index","status":200,"allocations":269,"duration":1.11,"view":0.11,"db":0.0}
```
Thanks!
I fixed this 422 error by adding these header options in the HAProxy config file.
Not sure when using Nginx, but adding similar header options might work.
```
http-request set-header X-Forwarded-Ssl on
http-request set-header X-Forwarded-Port 443
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
```
Here are the original error logs from HAProxy. The 422 error was caused by the HTTP Origin header mismatching, so adding those header options resolved this.
```
dawarich_app | 07:36:41 web.1 | W, [2024-12-26T07:36:41.617437 #187] WARN -- : HTTP Origin header (https://location.example.com) didn't match request.base_url (http://location.example.com)
dawarich_app | 07:36:41 web.1 | I, [2024-12-26T07:36:41.617779 #187] INFO -- : {"method":"POST","path":"/users/sign_in","format":"turbo_stream","controller":"Devise::SessionsController","action":"create","status":422,"allocations":405,"duration":2.45,"view":0.0,"db":0.0}
```
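The Ruby script below is an added example, not part of the original comment and not Dawarich code: it scans container log text for the Origin/base_url warning quoted above, reports which URL part differs, and pairs it with the 422 request logged on the next line. The sample log is constructed (its third line is invented for contrast), and the mapping from URL part to forwarded header is an assumption based on the headers discussed in this thread.

```ruby
require "json"
require "uri"

# Constructed sample: the first two lines mirror the log quoted in the thread,
# the third is an invented host/port mismatch for contrast.
SAMPLE_LOG = <<~'LOG'
  dawarich_app | 07:36:41 web.1 | W, [2024-12-26T07:36:41.617437 #187] WARN -- : HTTP Origin header (https://location.example.com) didn't match request.base_url (http://location.example.com)
  dawarich_app | 07:36:41 web.1 | I, [2024-12-26T07:36:41.617779 #187] INFO -- : {"method":"POST","path":"/users/sign_in","controller":"Devise::SessionsController","action":"create","status":422}
  dawarich_app | 07:40:02 web.1 | W, [2024-12-26T07:40:02.100000 #187] WARN -- : HTTP Origin header (https://location.example.com) didn't match request.base_url (https://192.168.10.25:3000)
LOG

MISMATCH = /HTTP Origin header \((\S+)\) didn't match request\.base_url \((\S+)\)/

# Assumed mapping: forwarded headers the proxy should send for each URL part.
HINTS = {
  scheme: "X-Forwarded-Proto / X-Forwarded-Ssl",
  host:   "Host / X-Forwarded-Host",
  port:   "X-Forwarded-Port"
}.freeze

# Split a URL into comparable parts; a scheme's default port counts as "no port".
def url_parts(url)
  u = URI.parse(url)
  { scheme: u.scheme, host: u.host, port: (u.port == u.default_port ? nil : u.port) }
end

# Return "METHOD /path" if the given log line records a status-422 request.
def rejected_request(line)
  json = line.to_s[/INFO -- : (\{.*\})\s*\z/, 1] or return nil
  event = JSON.parse(json)
  event["status"] == 422 ? "#{event['method']} #{event['path']}" : nil
rescue JSON::ParserError
  nil
end

# Scan log text and explain every Origin/base_url mismatch found.
def diagnose(log)
  lines = log.lines.map(&:chomp)
  lines.each_with_index.filter_map do |line, i|
    origin, base = line.match(MISMATCH)&.captures
    next unless origin
    differs = HINTS.keys.reject { |k| url_parts(origin)[k] == url_parts(base)[k] }
    { origin: origin, base_url: base, differs: differs,
      check_headers: differs.map { |k| HINTS[k] },
      rejected: rejected_request(lines[i + 1]) }
  end
end

diagnose(SAMPLE_LOG).each { |finding| puts finding }
```

A scheme-only difference, as in the log above, means the application believes the request arrived over plain HTTP, which is the case the forwarded-protocol headers address.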
Finally back from holiday travels and had a chance to dig in to this some more...
@bashibassy319 - that helped.
I run Apache for the reverse proxy. I started with the conf settings in the reverse proxy tutorial on dawarich.app, but I needed a couple of extra mod_headers settings to get it to work with SSL. I added:
```apache
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Ssl On
```
Both were necessary to get dawarich to load properly for me.
In case it will help anyone, here's a complete copy of my apache conf file:
```apache
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName {mysite.net}
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Require all granted
    </Proxy>
    SSLProxyEngine On
    RewriteEngine on
    # "Header" directives modify the response returned to the client.
    # "RequestHeader" directives modify the request forwarded to the backend.
    Header always set X-Real-IP %{REMOTE_ADDR}s
    Header always set X-Forwarded-For %{REMOTE_ADDR}s
    Header always set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Ssl On
    Header always set X-Forwarded-Server %{SERVER_NAME}s
    Header always set Host %{HTTP_HOST}s
    # Brotli compression for text-like responses
    SetOutputFilter BROTLI
    AddOutputFilterByType BROTLI_COMPRESS text/css text/plain text/xml text/javascript application/javascript application/json application/manifest+json application/vnd.api+json application/xml application/xhtml+xml application/rss+xml application/atom+xml application/vnd.ms-fontobject application/x-font-ttf application/x-font-opentype application/x-font-truetype image/svg+xml image/x-icon image/vnd.microsoft.icon font/ttf font/eot font/otf font/opentype
    BrotliCompressionQuality 6
    # Backend is the Dawarich app listening on plain HTTP
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/{my-cert}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/{my-cert}/privkey.pem
</VirtualHost>
```
Thanks again for pointing me in the right direction! I've been using Apache w/ docker for a while now, but hadn't run into this error before. Cheers!