infisical icon indicating copy to clipboard operation
infisical copied to clipboard
verified publisher icon Infisical

Proxy via nginx to path doesn't work

Open jzielke84 opened this issue 1 year ago • 6 comments

Describe the bug

When setting SITE_URL to something like https://myhost.domain.com/infisical the gui still tries to load ressources from https://myhost.domain.com e.g. https://myhost.domain.com/images/loading/loading.gif.

My nginx is passing everything to http://localhost:3000 (that's where infisical runs):

      location /infisical {
            proxy_pass http://localhost:3000;
            proxy_redirect off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
        expires -1;
      }

To Reproduce

Steps to reproduce the behavior:

  1. Install infisical using docker
  2. Install nginx reverse proxy
  3. Set SITE_URL

Expected behavior

Access infisical by subdirectory. Also expect some kind of documentation for using reverse proxies. No info on custom headers (if needed) or anything else.

jzielke84 avatar Sep 02 '24 16:09 jzielke84

I feel the same way. The apps on localhost work, but when I try to expose them using nginx, they only show "loading resources" or "loading configuration" and get stuck.

christelljames avatar Oct 07 '24 07:10 christelljames

It would be great if we site_url can support path, or intrduce another variable for that, for example grafana use serve_from_sub_path var: https://grafana.com/tutorials/run-grafana-behind-a-proxy/

haithamalnaeb avatar Feb 15 '25 05:02 haithamalnaeb

I'm on the same boat. Tried setting up my infisical behind Nginx reverse proxy and be accessible at /infisical but resources won't load.

iambryancs avatar Apr 14 '25 06:04 iambryancs

Same here

aistisdev avatar Jul 18 '25 14:07 aistisdev

Same here, I'm trying to run it with Dokku and see this error on startup:

{"level":50,"time":1754775861605,"pid":7,"hostname":"123d0d6df9d0","reqId":"UNKNOWN_REQUEST_ID","severity":"ERROR","err":{"type":"Error","message":"self-signed certificate in certificate chain","stack":"Error: self-signed certificate in certificate chain\n    at TLSSocket.onConnectSecure (node:_tls_wrap:1677:34)\n    at TLSSocket.emit (node:events:524:28)\n    at TLSSocket.emit (node:domain:489:12)\n    at TLSSocket._finishInit (node:_tls_wrap:1076:8)\n    at ssl.onhandshakedone (node:_tls_wrap:862:12)","code":"SELF_SIGNED_CERT_IN_CHAIN"},"msg":"Boot up migration failed"}

Anyway we can ask it to trust self-signed certificates?

sbatista-visor avatar Aug 09 '25 21:08 sbatista-visor

Same here

lpj-app avatar Sep 27 '25 11:09 lpj-app