bertvandepoel
commented
3 years ago Tabby relies on mod_rewrite in Apache or similar features in other web servers like nginx and lighttpd to map all non-existent requests to index.php. The installer contains checking code that verifies whether this mapping (with the included .htaccess) is done correctly. If you're a coder, you can see the checks on https://github.com/bertvandepoel/tabby/blob/master/resources/install.php#L55
If the verification of the mapping as part of installation fails (see https://github.com/bertvandepoel/tabby/blob/master/index.php#L104 if you're a coder), a message is displayed after installation to notify you of this. So the installer should finish with a message like:
By default, Tabby uses a .htaccess file with mod_rewrite to support semantic URLs and hide the changelog.txt file
It seems visits to semantic URLs aren't correctly mapped to index.php. If you are running Apache, please verify that mod_rewrite is enabled and either allow .htaccess files ("AllowOverride All" on the Directory context, "AccessFileName .htaccess" globally) or appropriately move the contents of .htaccess to a VirtualHost or Directory context within your configuration. If you are using nginx, add a fallback to index.php in the appropriate try_files statement. Instructions on how to fall back to index.php are easily available online for other webserver software.
It also seems changelog.txt is publicly available. While this isn't a problem in and by itself, the changelog clearly indicates which version of Tabby you are running. If any security issue would turn up in the future, a possible attacker could deduce whether you are vulnerable or not based on the changelog when it's available. To prevent this, changelog.txt is redirected to index.php. This also means that you can followed identical instructions for Apache. If .htaccess works correctly or its contents are moved to configuration in the right context, both issues should be resolved. If you are using nginx, a rewrite or return can be used prior to try_files to move visits for changelog.txt to the Tabby base URL. Instructions on how to redirect a specific file are easily available online for other webserver software.
Did you perhaps miss these messages in the installer or read them a little too quickly and therefore missed their importance? If you did not get them, could you please post a screenshot of the "installation complete" page with the green Installation completed successfully success message? Either way, I'm willing to look into the installer to hopefully prevent others from having this issue.
bjdm
Hi,
I've been having some trouble getting tabby working for a few days now. I have tried both on an arch linux host system as well as in alpine linux based docker files. I am able to get the database set up and configured fine, however, I am unable to log in or navigate to any other pages other than /? and / with a login screen.
I've now tried with both nginx and apache, both in docker and on the host, but I get the same result either way. I am able to fill out the database configuration (I can see the tables have been made and the user exists), and get to the screen where it says I am able to start using it, however the process stalls at logging in ie. /login 404s or isn't found in try_files etc. (this is the same for all the endpoints in index.php, resources/ and templates/. I was wondering if someone might have a working configuration I might be able to look at?
Many thanks