Issue with hosting script-server on subpath using nginx

Open BrunoAFK opened this issue 2 years ago • 4 comments

I'm trying to host a script-server in a Docker container and use nginx on my host machine to host it on a subpath /control. However, even with the following configuration, I am redirected to https://127.0.0.1:5000/index.html instead of mysite.com/control:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mysite.com;
    root /var/www/mysite.com;
    
    # security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    #FOLDERS PROTECTION, BYPASS WHOLE APP AND JUST THROW 403
    location ~ /(protected|framework|nbproject|.git) {
        deny all;
        access_log off;
        log_not_found off;
    }

    #PROTECT ANY DOT FILE, BYPASS WHOLE APP AND JUST THROW 403
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    #FILES PROTECTION, BYPASS WHOLE APP AND JUST THROW 403
    location ~ \.(gitignore|htaccess|bak|bat|config|cfg|yaml|lock|cache|sql|fla|md|psd|ini|log|sh|inc|swp|mwb|dist|bin|exe|bash)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    #IF STATIC FILES ARE NOT FOUND, BYPASS WHOLE APP AND JUST THROW 404
    location ~ \.(js|css|png|jpg|jpeg|gif|svg|swf|ico|pdf|mov|fla|zip|rar|woff|woff2|ttf|html|htm|json)$ {
        try_files $uri =404;
    }
    
    # Disable directory index
    autoindex off;%

   location ^~ /control/ {
        proxy_pass_header Server;
        proxy_set_header Host $proxy_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:5000/;

        # needed for websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Origin http://$proxy_host;
    }
}

BrunoAFK • Mar 17 '23 08:03

Hi @BrunoAFK could you try removing proxy_set_header X-Scheme $scheme; ?

See https://github.com/bugy/script-server/issues/406

I'll update the documentation, apparently this is not needed for nginx

bugy • Mar 18 '23 09:03

I tried to do that, but it didn't help.

BrunoAFK • Mar 18 '23 14:03

Very strange, it worked on my machine with exactly your configuration. Asking just in case: did you restart the server after applying those changes? :sweat_smile: Btw, are you sure that you are using exactly this configuration? My nginx was complaining about the % sign in the middle of the config.

bugy • Mar 18 '23 14:03

I ran into the same issue, nginx reverse proxy https -> http. But being redirected to https. The "/" handler from the script server

2023-03-27 17:44:49,598 [tornado.access.INFO] 302 GET /index.html (redacted) 0.39ms

generates a redirect to https://localhost:5000/index.html, which nginx then does not change because the proxy path is http://localhost:5000 without the https.

I changed the protocol to http in src/utils/tornado_utils.py for now:

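from urllib.parse import urljoin

def get_full_url(relative_url, request_handler):
    request = request_handler.request
    # Workaround: scheme is hard-coded to http for redirects built here
    host_url = 'http://' + request.host
    return urljoin(host_url, relative_url)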

vbraun • Mar 27 '23 18:03
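
The behaviour described in the last comment, modelled as an added example (not code from script-server or nginx): nginx's default `proxy_redirect` rewrites a backend `Location` header only when it starts with the `proxy_pass` URL, scheme included, so an `https://` redirect goes to the browser unchanged and exposes the backend address. The function names and the sample headers are constructed for illustration; the `proxy_pass` and location values come from the config in this thread.

```python
from urllib.parse import urlsplit

# Values taken from the nginx config posted in this thread.
PROXY_PASS = "http://127.0.0.1:5000/"
LOCATION_PREFIX = "/control/"
# Backend addresses seen in this thread; a Location header that still points
# at one of them after nginx's rewrite has leaked the internal address.
BACKEND_HOSTS = {"127.0.0.1:5000", "localhost:5000"}


def default_proxy_redirect(location, proxy_pass=PROXY_PASS, prefix=LOCATION_PREFIX):
    """Model of `proxy_redirect default` for a prefix location: a Location
    header starting with the proxy_pass URL has that part replaced by the
    location prefix. The match is a plain string prefix, scheme included."""
    if location.startswith(proxy_pass):
        return prefix + location[len(proxy_pass):]
    return location  # no match: passed to the client unchanged


def audit_redirect(location):
    """Return (header the client receives, True if it exposes the backend)."""
    sent = default_proxy_redirect(location)
    leaked = urlsplit(sent).netloc in BACKEND_HOSTS
    return sent, leaked


if __name__ == "__main__":
    samples = [  # constructed Location headers
        "http://127.0.0.1:5000/index.html",   # matches proxy_pass, rewritten
        "https://127.0.0.1:5000/index.html",  # scheme differs, not rewritten
        "https://localhost:5000/index.html",  # host and scheme differ
        "/index.html",                        # relative, left as-is
    ]
    for loc in samples:
        sent, leaked = audit_redirect(loc)
        print(f"{loc} -> {sent} (backend exposed: {leaked})")
```

An explicit `proxy_redirect` rule covering the `https://` form, or a backend that emits the scheme nginx expects, makes the first branch match so the client is sent to `/control/` instead of the backend address.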