koel icon indicating copy to clipboard operation
koel copied to clipboard
verified publisher icon koel

[Bug]: Cant reach app by ip, when FORCE_HTTPS is enabled

Open alexkutsan opened this issue 1 year ago • 6 comments

Read the Troubleshooting guide.

  • [X] I have read and followed the Troubleshooting guide

Reproduction steps

  1. setup FORCE_HTTPS=true, APP_URL=https://your.domain
  2. Reach app by http by explicit IP address and port

Expected behavior

App accessible both by http and https, by explicit IP address and by domain

Actual behavior

App accessible only by http on domain name. When trying to reach by explicit IP address - browser complains about CORS issues.

Logs

изображение

Koel version

7.0.8

How did you install Koel?

Official Docker image

Additional information

version: '3'

services:
  koel:
    image: phanan/koel:7.0.8
    depends_on:
      - database
    ports:
      - 26005:80
    environment:
      - DB_CONNECTION=pgsql
      - DB_HOST=database
      - DB_PORT=5432
      - DB_USERNAME=koel
      - DB_PASSWORD=
      - DB_DATABASE=koel
      - FORCE_HTTPS=true
      - APP_URL=https://mydomain.com
    volumes:
      - /var/services/homes/alex/music:/music
      - covers:/var/www/html/public/img/covers
      - search_index:/var/www/html/storage/search-indexes

  database:
    image: postgres:13
    volumes:
      - db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=koel
      - POSTGRES_USER=koel
      - POSTGRES_PASSWORD=
volumes:
  db:
    driver: local
  covers:
    driver: local
  search_index:
    driver: local

alexkutsan avatar Jul 29 '24 13:07 alexkutsan

When I does not setup - FORCE_HTTPS=true - I can't reach app via https because of CORS issues as well. I need both options because usually I reach the app directly from mobile device in tailscale network, but sometimes need access by domain name through nginx proxy

alexkutsan avatar Jul 29 '24 13:07 alexkutsan

You should be able to reach the domain name, https-enabled Koel instance from your mobile device too.

On Mon, Jul 29, 2024 at 15:59 Alexander Kutsan @.***> wrote:

When I does not setup - FORCE_HTTPS=true - I can't reach app via https because of CORS issues as well. I need both options because usually I reach the app directly from mobile device in tailscale network, but sometimes need access by domain name through nginx proxy

— Reply to this email directly, view it on GitHub https://github.com/koel/koel/issues/1809#issuecomment-2256024609, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB5O3UXFNODB6XMRWUH5JXLZOZDC3AVCNFSM6AAAAABLUK7GU6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJWGAZDINRQHE . You are receiving this because you were assigned.Message ID: @.***>

phanan avatar Jul 29 '24 14:07 phanan

I can, bu reaching by domain name - is one more hop for proxying traffic via reverse HTTP proxy that is no so good. So in most cases, I would like to use it in the internal network via HTTP connection in VPN network.

alexkutsan avatar Jul 29 '24 17:07 alexkutsan

If you want to support edge cases like this, I’m open to a PR.

On Mon, Jul 29, 2024 at 19:53 Alexander Kutsan @.***> wrote:

I can, bu reaching by domain name - is one more hop for proxying traffic via reverse HTTP proxy that is no so good. So in most cases, I would like to use it in the internal network via HTTP connection in VPN network.

— Reply to this email directly, view it on GitHub https://github.com/koel/koel/issues/1809#issuecomment-2256566930, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB5O3UWPM7WM6S63WE632ITZOZ6SVAVCNFSM6AAAAABLUK7GU6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJWGU3DMOJTGA . You are receiving this because you were assigned.Message ID: @.***>

phanan avatar Jul 29 '24 17:07 phanan

I would love to, but does not write in PHP. The main(and probably only) thing that needs to be done is to avoid loading assets via HTTP if the app was opened by https, even if FORCE_HTTPS is false.

alexkutsan avatar Aug 01 '24 12:08 alexkutsan

The problem here is that you’re trying to reach one app by IP and domain name, with and without HTTPS. Even with your own dedicated Laravel app, this requirement would pose challenges, and Koel isn’t meant to meet edge cases like this, nor do I have the knowledge and time to make it so.

My stand, albeit maybe disappointing to you, would be: If you’re savvy enough have a custom network setup, you should be savvy enough to customize Koel to adapt to it. After all, the source is open and free :)

On Thu, Aug 1, 2024 at 14:51 Alexander Kutsan @.***> wrote:

I would love to, but does not write in PHP. The main(and probably only) thing that needs to be done is to avoid loading assets via HTTP if the app was opened by https, even if FORCE_HTTPS is false.

— Reply to this email directly, view it on GitHub https://github.com/koel/koel/issues/1809#issuecomment-2262962979, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB5O3UQ772YKQVO5GIJLI43ZPIVONAVCNFSM6AAAAABLUK7GU6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRSHE3DEOJXHE . You are receiving this because you were assigned.Message ID: @.***>

phanan avatar Aug 01 '24 13:08 phanan