Unable to configure cozy-stack through a reverse proxy

[dylanbob]

Hi

I'm having a problem with the instance domain and reverse proxy redirection, trying to install cozy-stack on debian Stretch with nginx as a reverse proxy.

I am using the latest binary release (cozy-stack-linux-amd64-2017M2-alpha) and couchdb in a docker (up to date) as in your guide. I've been through the cozy-stack serve and curl -H 'Accept: application/json' 'http://cozy.tools:8080/status/' which does work as expected.

The problem comes when I want to access the cozy-stack from my my computer. I added an instance this way : cozy-stack instances add --dev --apps drive,settings,onboarding --passphrase cozy "cozy.lvh.me:8081" I chose lvh.me to stay consistent with my web services and chose the 8081 port because a node instance already is on the 8080.

[Note : To make this command work, I had to create a file ./.cozy/cozy-admin-passphrase with the command cozy-stack config passwd . (and cozy as a password) from my working directory with the cozy-stack binary (this isn't on the installation guide)]

I can then access the login page from my web browser (on my computer, outside the server). When I try to login with the password cozy, i get redirected to cozy.lvh.me:8081 ! Here is the http response :

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Jun 2017 20:57:30 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 45
Connection: keep-alive
Content-Security-Policy: default-src 'self';img-src *;
Set-Cookie: cozysessid=AAAAAFlSxro0YzdlZjlmNzg4ZGU1Yzk2MTEyNmJmZGRhNzAyZmZjM3wLyeWMDj8lsvC-v1CbNiBMcTCN5T00p2CmQ56j9-dM; Path=/; Domain=cozy.lvh.me; Max-Age=604800; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
{"redirect":"http://drive.cozy.lvh.me:8081/"}

The body is indeed {"redirect":"http://drive.cozy.lvh.me:8081/"} which cannot work. It seems that the cozy instance is trying to redirect me based on the local domain name.

How am i supposed to create the instance and configure my nginx reverse proxy ? How cna I configure the internet domain name to my cozy-stack ?

Here is my nginx config file :

server {
       listen         XXX.XXX.XXX.XXX:80;
       server_name    cozy.mydoma.in;

        root /var/www/nginx;
        index index.html;

        access_log /var/log/nginx/cozy_access.log;
        error_log /var/log/nginx/cozy_error.log;

        location / {
                proxy_pass http://cozy.lvh.me:8081;
        }
}

I tried instaciating the instance with my domain name : ./cozy-stack instances add --dev --apps drive,settings,onboarding --passphrase cozy "cozy.mydoma.in" and chaging the nginx config file to proxy_pass http://cozy.mydoma.in; but of course that is not the solution, as I cannot access the service at all.

Hope I was clear

[nono]

Hello,

thanks for being one of the very few first people to try to self-host cozy V3. We don't have yet an official guide for installing it, but @clochix has written some notes here: https://clochix.github.io/gozy-docs/en/install/manual/). It is still work in progress, and your feedback is important to improve them.

I think your issue comes from the nginx config. Can you try with the nginx config explained in https://clochix.github.io/gozy-docs/en/install/manual/#sample-configuration-files?

[dylanbob]

Hi I was able to run the server, thanks to your help and the guide you sent me. My errors were :

• not using the internet domain name for the instances add, I should have put :

  cozy-stack instances add --dev --apps drive,settings,onboarding --passphrase cozy "cozy.mydoma.in"

• in the nginx config file :
  • configuring the domain name correctly : server_name .cozy.mydoma.in; as explained in the nginx documentation, this has the same effect as server_name cozy.mydoma.in *.cozy.mydoma.in; (ie cozy.exterre.net and all its subdomains)
  • setting the proxy configuration right. In fact I had tried in that way but without having instanciated the stack correctly, thus getting the "unknown instance" error. My conf is now as follows :

    
    server {
    listen         XXX.XXX.XXX.XXX:80;
    server_name    .cozy.mydoma.in;
    return         301 https://$host$request_uri;
    }

server { listen XXX.XXX.XXX.XXX:443 ssl http2;

    server_name .cozy.mydoma.in;

    root /var/www/nginx;
    index index.html;

    gzip_vary on;
    client_max_body_size 1024M;

    access_log /var/log/nginx/cozy_access.log;
    error_log /var/log/nginx/cozy_error.log;

    include tls/cozy.mydoma.in.conf;
    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload;";

    location / {
            proxy_set_header X-Real-IP $remote_addr;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;

            proxy_pass http://cozy.lvh.me:8081;
    }

}

There are some differences with the guide you provided me. I'm using a different way to redirect http to https, because some http request were leaking to other web services my nginx is running.
- Ho and finally I had to put a wildcard `*.cozy.mydoma.in CNAME mydoma.in.` in my dns configuration.

I did not fully tested it yet, but the web access seems to be working on http/2 with TLS on (https).

[nono]

Thanks for the feedbacks. As I understand from #792, we can close this issue.