cattr-app / frontend-application

Public clone of https://git.amazingcat.net/AmazingTime/core/cattr-frontend
https://cattr.app

How to enable https with nginx reverse proxy behind docker #2

Closed hitdependency closed 4 years ago

hitdependency commented 4 years ago

Hi, I'm trying to implement your solution and everything works fine on http, except https

With the browser I'm getting a 403 Forbidden error when trying to log in with https://MYDOMAIN/api/v1/auth/login. But with curl -X POST https://MYDOMAIN/api/v1/auth/login, again, everything works.

Where can I find server logs?

PS: there is a bug with /app/entrypoint.sh in docker: sed -i "s/frontend/$FRONTEND_DOMAIN/g" /etc/nginx/nginx.conf also changes the frontend root path in nginx.conf (root /app/frontend/output -> root /app/domain/output), and it breaks everything.

Thanks.

amazing-cat commented 4 years ago

Hello, could you please clarify: did you install the latest version of the Docker application?

I've updated the Docker image with new changes and a fix of the Nginx conf, so if you reinstall it, it will probably solve the issue.

I just launched an instance with a new Docker image via cattr.sh and https has been enabled successfully there.

Nginx logs are stored in the container under /var/log/nginx/. Backend app logs are under /app/backend/storage/logs/.

hitdependency commented 4 years ago

> I just launched an instance with a new Docker image via cattr.sh and https has been enabled successfully there.

Thank you for the fast reply. I updated the image and I'm sure it works, but my cattr container is behind a reverse proxy: docker run 8080:80, and I'm proxy_pass'ing https with my own nginx.

With curl it works (from everywhere, even from container itself):

    ❯ curl -X POST https://time.XXXXXXX.com/api/v1/auth/login
    {
        "success": false,
        "message": "Invalid params",
        "error_type": "authorization.wrong_params"
    }%

But in browser, when I'm trying to log in I see "Authorization error" and console shows this:

    * Request URL: https://time.XXXXXXXX.com/api/v1/auth/login
    * Request Method: POST
    * Status Code: 403 Forbidden
    * Remote Address: 176.xxx.xxx.174:443

And it's only with https, as I said, http works just fine. Maybe it’s a lack of my administrative skills, but I haven’t seen this before.

Reverse proxy config is quite simple:

    server_name time.XXXXXX.com;
    location / {
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_pass http://localhost:8080;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        client_max_body_size 1000m;
    }

If you want to help me I can provide more info in telegram: @northdamage

amazing-cat commented 4 years ago

We have found the reason for this problem: it's a wrong config of the backend CORS module. We'll include a permanent fix in the next release (it will become available on Monday), but as an emergency fix, you can edit the /app/backend/.env file in your container.

Find the string ALLOWED_ORIGINS=http://127.0.0.1:8080 and replace the value with an asterisk, so you'll get ALLOWED_ORIGINS=*. Don't forget to save the file and then run php /app/backend/artisan config:cache.

hitdependency commented 4 years ago

Thank you a lot, now it works like a charm! I already tried to change config with asterisk, but didn't know about artisan config:cache
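
Why curl got through while the browser received 403, as an added example that is not part of the thread and not Cattr's code: a model of an origin allowlist check driven by the ALLOWED_ORIGINS value. The comma-separated list format, the exact-match logic and the domain time.example.com (standing in for the redacted one) are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(origin):
    """Return 'scheme://host[:port]' with default ports dropped, or None if malformed."""
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{parts.hostname}"
    return f"{parts.scheme}://{parts.hostname}:{port}"

def origin_allowed(origin_header, allowed_origins):
    """Model the allowlist decision for one request (assumed logic, not Cattr's).

    origin_header: value of the Origin request header, or None when absent.
    allowed_origins: ALLOWED_ORIGINS value; a comma-separated list is an assumption.
    """
    if origin_header is None:
        # curl sends no Origin header unless asked to, so the check never fires.
        return True
    entries = [e.strip() for e in allowed_origins.split(",") if e.strip()]
    if "*" in entries:
        return True  # wildcard: every origin passes
    allowed = {normalize_origin(e) for e in entries} - {None}
    return normalize_origin(origin_header) in allowed

# Constructed cases for the setup described in the thread.
SHIPPED = "http://127.0.0.1:8080"    # ALLOWED_ORIGINS value quoted in the thread
PUBLIC = "https://time.example.com"  # Origin a browser sends for the proxied https site

if __name__ == "__main__":
    cases = [
        ("curl, no Origin header", None, SHIPPED),
        ("browser via https proxy", PUBLIC, SHIPPED),
        ("browser, wildcard setting", PUBLIC, "*"),
        ("browser, public origin listed", PUBLIC, PUBLIC),
        ("unrelated site, public origin listed", "https://other.example", PUBLIC),
        ("unrelated site, wildcard setting", "https://other.example", "*"),
    ]
    for label, origin, setting in cases:
        verdict = "pass" if origin_allowed(origin, setting) else "403"
        print(f"{label:38} ALLOWED_ORIGINS={setting:26} -> {verdict}")
```

The Origin header carries the scheme, host and port of the page the browser loaded, so behind a TLS-terminating proxy it is the public https URL and not the address the container listens on.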