jelu icon indicating copy to clipboard operation
jelu copied to clipboard
verified publisher icon bayang

Having problem using through reverse proxy

Open danjb opened this issue 6 months ago • 6 comments

I have been looking for a good self-hosted book logger that can keep reviews and ratings of books I've read, plus allow imports and metadata population. Basically a better private GoodReads. Jelu looks like it can fill the bill.

I am installing under Docker, and can get Jelu to work fine directly in my private network. However, I use a Nginx reverse proxy to access my services via subdomain and wrap requests in https. When I do this with Jelu, it does not appear to maintain my login session. It will present the Jelo auth page, then appear to successfully login showing the Jelu dashboard. However, if I do anything from there, including just refreshing the page with F5, it acts as if I haven't logged in and presents the auth page again.

I've checked headers the reverse proxy is passing, and there is a SESSION cookie after the login (I assume a Java session ID). The x-real-ip, x-forwarded-for, x-forwarded-protocol, x-forwarded-proto, x-forwarded-host, x-forwarded-port, forwarded headers are all set to the external https subdomain based internet address. The host header and of course the internal GET url reference the http intranet Docker host / port Jelu is running on.

Any idea why this would confuse the Jelu login session? I do see this warning appear in the Jelu logs:

[io-11111-exec-1] o.s.web.servlet.PageNotFound : No mapping for GET /books

I tried configuring the application.yml file to specify the default example settings given for configuring proxy authentication, even though I am NOT using proxy authentication with Jelu. No different result occurred.

danjb avatar Jun 30 '25 20:06 danjb

Well Jelu is just a basic web app with nothing fancy, any basic reverse configuration should work out of the box. Jelu can use cookie and localstorage of your browser. I am myself using caddy and I just have this in my config

jelu.mydomain {
  encode zstd gzip
  reverse_proxy jelu:11111 {
  }
  log {
    output file /data/jelu.log
  }
}

Are you sure you don't have an extension or sth that is preventing session data to be persisted ?

bayang avatar Jul 01 '25 07:07 bayang

I have a similar setup and I have the same problem. Docker with nginx-reverse-proxy. The reverse proxy works because I can login and navigate. Requests to jelu seem to include the cookie in the header (Cookie: SESSION=Zm...) but the server returns 403. I see the cookie in local storage. If I reload with F5 instead of just clicking to navigate, I have to login again.

mlessard-appcom avatar Jul 12 '25 17:07 mlessard-appcom

Can you see something in the browser console ? What is your reverse proxy configuration ?

bayang avatar Jul 14 '25 14:07 bayang

For what it's worth, I was experiencing the same issue that @mlessard-appcom described just after spinning Jelu up via docker compose with Nginx Proxy Manager in front of it.

I noticed 403 errors in my browser console and also some in the docker container logs. When I started troubleshooting, I noticed everything worked correctly in a different browser than the one I used to set it up in (Firefox). I tried incognito mode in Firerfox, and Jelu worked correctly. After clearing cookies/session data from the last few hours, it also worked correctly in non-incognito FIrefox.

Something must have been cached that was throwing everything off for me.

richlawson avatar Jul 30 '25 04:07 richlawson

I'm getting similar errors.

Request:

POST https://jelu.rarity.boutique/api/v1/metadata
{"isbn":"0-395-25939-8","plugins":[]}

Response:

{"timestamp":"2025-10-31T22:25:43.446+00:00","status":403,"error":"Forbidden","path":"/api/v1/metadata"}

Nothing in server logs.

CelestialStreamer avatar Oct 31 '25 22:10 CelestialStreamer

I'm getting similar errors.

Request:

POST https://jelu.rarity.boutique/api/v1/metadata
{"isbn":"0-395-25939-8","plugins":[]}

Response:

{"timestamp":"2025-10-31T22:25:43.446+00:00","status":403,"error":"Forbidden","path":"/api/v1/metadata"}

Nothing in server logs.

I have exact same issue (with nginx proxy). I added the configuration file application.yml with:

jelu:
  cors.allowed-origins:
    - http://books.hptheti

tried

jelu:
  cors.allowed-origins:
    - "*"

too. I also included environment configuration for nginx-proxy and the variable I found in docs in configuration section, so they match

 environment:
          - VIRTUAL_HOST=books.hptheti
          - JELU_CORS_ALLOWED-ORIGINS=http://books.hptheti

I managed to get it to work by deleting cookies and all site data. Currently have "*" in cors policy. Seems like something got cached with the wrong settings. But clearing the cache and logging in again solved the "Forbidden" errors on all endpoints.

prostolyubo avatar Nov 22 '25 01:11 prostolyubo