server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon etesync

When surfing 0.0.0.0:8001, message "Invalid host header" appears. Is this supposed to happen? What's next?

Open ManmadeStarch opened this issue 2 years ago • 3 comments

So far, I've successfully done the basic setup, nginx production setup and installed SSL certificate. But when I start the uvicorn etebase_server.asgi:application --port 8001 --host 0.0.0.0 and try to access it I get the mentioned message. Throughout the process it was never "it works!" This is how my SSH terminal looks like (I anonymized username):

(.venv) user@user:~/etebase$ uvicorn etebase_server.asgi:application --port 8001 --host 0.0.0.0
INFO:     Started server process [6035]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://0.0.0.0:8001 (Press CTRL+C to quit)
INFO:     192.168.1.118:49837 - "GET / HTTP/1.1" 400 Bad Request
INFO:     192.168.1.118:49842 - "GET / HTTP/1.1" 400 Bad Request
WARNING:  Invalid HTTP request received.
INFO:     192.168.1.118:49854 - "GET / HTTP/1.1" 400 Bad Request
^CINFO:     Shutting down
INFO:     Waiting for application shutdown.
INFO:     Application shutdown complete.
INFO:     Finished server process [6035]

Once I got this line INFO: 192.168.1.118:64756 - "GET /favicon.ico HTTP/1.1" 400 Bad Request This is how my etebase_nginx.conf looks like (I adjusted things in bold, just leaving them away here):

# etebase_nginx.conf

# the upstream component nginx needs to connect to
upstream etebase {
    server unix:///tmp/etebase_server.sock; # for a file socket
    # server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}

# configuration of the server
server {
    # the port your site will be served on
    listen      8000;
    # the domain name it will serve for
    server_name **mydomain.com**; # substitute your machine's IP address or domain name
    charset     utf-8;

    # max upload size
    client_max_body_size 75M;   # adjust to taste

    location /static/ {
        alias **path-to-static**; # Project's static files
    }

    location / {
        proxy_pass http://etebase;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/**mydomain.com**/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/**mydomain.com**/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

From your README.md:

The Etebase server needs to be aware of the URL it's been served as, so make sure to forward the Host header to the server if using a reverse proxy. For example, you would need to use the following directive in nginx: proxy_set_header Host $host;.

This part is a bit confusing for me. Do I need a reverse proxy for this to work? Do I have to change parameters here also in mydomain.com? Please tell me if this is how finalized version of nginx should look like. This is the point where I find myself clueless. I did both ./manage.py collectstatic and ./manage.py migrate

There are no further steps explained clearly on your wiki pages. I saw that ./manage.py createsuperuser has to be done at some point, but my service still does not work over https and I get this "invalid host header" message.

Could please someone help me in next steps? Thank you very much.

P.S. Only thing I didn't enable (yet) is starting uvicorn at boot.

ManmadeStarch avatar Jul 11 '23 04:07 ManmadeStarch

I found out what the issue was. I had to add my local IP as allowed host in etebase-server.ini besides my domain name and it worked. But still, what should I do next?

ManmadeStarch avatar Jul 11 '23 04:07 ManmadeStarch

I've managed to bring up the server running. It runs perfectly. Now, another question arose. My service is available at mydomain.com:443. Is it possible to run HTTPS service without occupying port 443? I would like to host various instances with the same domain mydomain.com, but different instances would be available via different ports. When I get SSL certificate for mydomain.com, do I need to run certbot for verey instance which uses this domain but different port? Could someone please show me which settings should I change for etebase to be accessible from different port than 443?

ManmadeStarch avatar Jul 11 '23 15:07 ManmadeStarch

@ManmadeStarch yes it's possible to use another port than 443. If you use the same domain name, the same certificate should be possible to use.

I can try to to show you how to do this, but it's not really clear to me what is your final working configuration.

daftaupe avatar Jul 22 '23 18:07 daftaupe