Closed bellisk closed 2 weeks ago
@bellisk Definitely worth reporting, thank you. I'll check my own nginx config and at minimum we can add some documentation about how best to configure this. Our goal with v1 is to support more guided/low-friction installs which means this kind of config will have to be standardized/documented anyway.
Describe the bug I've deployed my own Ourchive instance following the steps described here, including setting up SSL using certbot and an nginx reverse proxy. POST requests to the site (e.g. creating a new user or new work) were not successful, even after working around #131. No errors were logged.
After some debugging, this turned out to be because the nginx config from certbot redirects all requests from http://example.org to https://example.org with a 301 response, which browsers generally respond to by transforming the request method to GET.
The problem here is that this seems to be happening all the time. Although I am visiting my Ourchive site with the https:// url, every request is first accepted as an http request and a 301 response is returned. The subsequent request to the https:// url then uses the GET method. This meant that no POST requests were working at all.
I have solved this for now by adjusting the nginx config to redirect with a 308 response code, which doesn't change the request method on redirect. This might be more of an nginx issue (?) but I thought it was worth reporting anyway.
To Reproduce
Expected behavior Creating a new user, new work, etc. should succeed.
Desktop (please complete the following information):
Hosting Digital Ocean droplet running Ubuntu 22.04.
Additional context nginx config:
Example logs: