PhilReinking
commented
4 months ago Hey @j0fr3y, I was unable to reproduce that with my setup. Anything else you did there? Do you use a proxy in front of the app?
Open j0fr3y opened 4 months ago
PhilReinking
commented
4 months ago Hey @j0fr3y, I was unable to reproduce that with my setup. Anything else you did there? Do you use a proxy in front of the app?
j0fr3y
commented
4 months ago Hey Philipp, unfortunately not. I did double check with this command.
docker run -d -p 8080:8080 --name input -v input-data:/var/www/html/storage -e APP_URL=http://192.168.178.58 ghcr.io/deck9/input:main I again got the 401 error on /api/forms. I guess something is broken within my server.
shurco
commented
4 months ago I have the same error - clean install
# Create Docker Volume
docker volume create input-data
# Run the container using port 8080 on the host
docker run -d -p 8080:8080 --name input \
-v input-data:/var/www/html/storage \
ghcr.io/deck9/input:main
f0sh
commented
3 months ago @PhilReinking I ran into the same issue. No proxy, just the vanilla image.
Deployed with docker-compose (Docker Standalone 20.10.20)
version: '3.2'
services:
input:
image: ghcr.io/deck9/input:main
container_name: input
hostname: input
volumes:
- input-data:/var/www/html/storage
ports:
- 8080:8080
restart: unless-stopped
volumes:
input-data:Container starts succesfully and the registration process can be done. However, after the setup is done, GET on /api/forms returns a 401. Clicking on Create a form triggers a POST on /api/forms with the same 401.
failed to load resource: the server responded with a status of 401 (Unauthorized) :8080/api/forms:1
Edit: It might be already logical, but for being clear the server response of the request is
{"message":"Unauthenticated."}Container Log
INFO Nothing to migrate.
2024-03-06 17:10:30,579 INFO supervisord started with pid 11
2024-03-06 17:10:31,583 INFO spawned: 'artisan-schedule' with pid 12
2024-03-06 17:10:31,587 INFO spawned: 'nginx' with pid 13
2024-03-06 17:10:31,591 INFO spawned: 'php-fpm' with pid 14
[06-Mar-2024 17:10:31] NOTICE: fpm is running, pid 14
[06-Mar-2024 17:10:31] NOTICE: ready to handle connections
INFO No scheduled commands are ready to run.
2024-03-06 17:10:32,922 INFO success: artisan-schedule entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-03-06 17:10:32,922 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-03-06 17:10:32,922 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
123.123.123.123 - - [06/Mar/2024:17:11:02 +0000] "\x16\x03\x01\x02S\x01\x00\x02O\x03\x03\x06\xB4\xAD\xBB8\x9A\xBB\xC0\xCA\xC5\xFB\x04;-\xB9\x90khg\x96\x8E\xFE\xE2|\xB2\x9Cw\x9D\xBD}\xD9\xE0 \x86\xE0\x22\x13\xA4\xA2\x5CM\x0CB\xC6=\x81\x96\x8D\xC3Yz\xCDKru\x89<pe\x8F\xC7\xA3\xE3\x09\xA2\x00 jj\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\xE6" 400 150 "-" "-" "-" 0.203 - . -
123.123.123.123 - - [06/Mar/2024:17:11:03 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03?\xC4\xA0\x9F/\x80\x8F\x06B\xE3\xB3!\x81\x08,\x08\xA8|\x9E\xE3\x15\xC2\xF7\xD0\x9A\xC2\x05\xE4\xE0o\xC2\xC2 \x8F\x9E\xD8\xF1\xBB@U6kB\xE5N\xF4\xEAX\xC0=\xCE9\xD2\xF5\xD4\x07\xBEm\xE4Z6\x9D8\x12j\x00 \xBA\xBA\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93ZZ\x00\x00Di\x00\x05\x00\x03\x02h2\x00" 400 150 "-" "-" "-" 0.203 - . -
123.123.123.123 - - [06/Mar/2024:17:11:04 +0000] "GET / HTTP/1.1" 302 394 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.493 0.494 . -
123.123.123.123 - - [06/Mar/2024:17:11:04 +0000] "GET /login HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.060 0.060 . -
123.123.123.123 - - [06/Mar/2024:17:11:04 +0000] "GET /register HTTP/1.1" 200 9998 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.072 0.072 . -
123.123.123.123 - - [06/Mar/2024:17:11:05 +0000] "GET /build/app/assets/Register-ab7ee7a5.js HTTP/1.1" 200 3520 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.000 - . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "POST /register HTTP/1.1" 302 370 "http://my.host.com:8080/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.148 0.148 . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "GET / HTTP/1.1" 302 422 "http://my.host.com:8080/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.037 0.037 . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "GET /teams/create HTTP/1.1" 200 571 "http://my.host.com:8080/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.029 0.024 . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "GET /build/app/assets/Create-ed6e822d.js HTTP/1.1" 200 2186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.000 - . -
123.123.123.123 - - [06/Mar/2024:17:11:21 +0000] "POST /teams HTTP/1.1" 302 370 "http://my.host.com:8080/teams/create" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.056 0.051 . -
123.123.123.123 - - [06/Mar/2024:17:11:21 +0000] "GET / HTTP/1.1" 200 606 "http://my.host.com:8080/teams/create" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.023 0.023 . -
123.123.123.123 - - [06/Mar/2024:17:11:22 +0000] "GET /api/forms HTTP/1.1" 401 41 "http://my.host.com:8080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.013 0.013 . -
123.123.123.123 - - [06/Mar/2024:17:12:57 +0000] "POST /api/forms HTTP/1.1" 401 41 "http://my.host.com:8080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.036 0.036 . -
coreyandrews
commented
3 months ago I have the same issue. Same setup as above, but trying with Firefox.
f0sh
commented
3 months ago I was playing around and somehow had the feeling, it's because of an missing tls encrypted connection to get cookie data etc.
Turns out, that this solved the problem and I got it working after using an tls encrypted https:// connection instead of plain http://.
However I'm still not 100% sure, what is the reason, why a plain http:// connection doesn't work for the API.
PhilReinking
commented
3 months ago @f0sh thanks for the docker-compose.yml. I tried to reproduce it like that. For me, it works as long as I access it directly without proxy via localhost:8080.
I get the unauthenticated error only if I set up a Proxy in front of the docker image. The reason it then stops working is, that the app uses a stateful authentication via cookies. There is a middleware preventing the cookies from working if the Host is not trusted.
Usually, this means setting the APP_URL env to the value the application is accessed through.
Can any of you guys confirm that you had somehow set up a proxy and not set the APP_URL?
I mean, if this is the problem, I really need to clarify that in the docs or think of another authentication method that does not produce errors like this.
f0sh
commented
3 months ago @f0sh thanks for the docker-compose.yml. I tried to reproduce it like that. For me, it works as long as I access it directly without proxy via localhost:8080.
I get the unauthenticated error only if I set up a Proxy in front of the docker image. The reason it then stops working is, that the app uses a stateful authentication via cookies. There is a middleware preventing the cookies from working if the Host is not trusted.
Usually, this means setting the
APP_URLenv to the value the application is accessed through.Can any of you guys confirm that you had somehow set up a proxy and not set the APP_URL?
As seen in the logs I directly accessed the container without any proxy. However I did not set the APP_URL parameter, as this was not mentioned in the Quick-Start section of the README.md. I only added the APP_URL after I put the container behind the proxy.
I just took my configuration and setup as before and added the APP_URL and worked instantly.
version: '3.2'
services:
input:
image: ghcr.io/deck9/input:v1.8.2
container_name: input
hostname: input
volumes:
- input-data:/var/www/html/storage
ports:
- 8080:8080
restart: unless-stopped
environment:
- APP_URL="https://localhost:8080"
volumes:
input-data:I mean, if this is the problem, I really need to clarify that in the docs or think of another authentication method that does not produce errors like this.
Maybe the missing APP_URL was the issue for everyone here and the APP_URL parameter should be added to the QuickStart section of the README.md.
PhilReinking
commented
3 months ago @f0sh thx for testing and the PR.
I have an idea what could have caused the authentication error. But I am not sure why it was working on my machine nonetheless.
The default config for app url was set to localhost:8500 but the docker image is using localhost:8080 at one of the build steps. So this might be an issue, but I am not sure.
I just released a new version v1.8.3 where the default value for the app_url is also set to localhost:8080.
I really hope that this was the issue. Would be nice if you could test that again.
Regarding your PR, I probably will accept it as it is right now, but extend it a bit to have a more comprehensive guide on hosting the application, especially with a Proxy.
shurco
commented
3 months ago Don't work for me. Version 18.3. Return 403 error from click on invite link. My docker-compose:
version: '3.9'
services:
input:
image: ghcr.io/deck9/input:main
container_name: input
restart: always
ports:
- '8080:8080'
volumes:
- input-data:/var/www/html/storage
environment:
SESSION_DRIVER: redis
CACHE_DRIVER: redis
REDIS_HOST: redis
REDIS_PORT: 6379
APP_URL: https://input.site.com
MAIL_FROM_ADDRESS: input@site.com
MAIL_FROM_NAME: "Input Message"
MAIL_MAILER: smtp
MAIL_HOST: smtp.mailgun.org
MAIL_PORT: 465
MAIL_ENCRYPTION: tls
MAIL_USERNAME: input@site.com
MAIL_PASSWORD: 11111111111
redis:
image: redis:alpine
container_name: redis
volumes:
- redis-data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
retries: 3
timeout: 5s
volumes:
input-data:
redis-data:According to your configuration, the APP_URL doesn't match the port. If you don't use a proxy try:
APP_URL: https://input.site.com:8080I just released a new version v1.8.3 where the default value for the app_url is also set to
localhost:8080.I really hope that this was the issue. Would be nice if you could test that again.
I was trying the new version, however out of the box it didn't seem to work for me also with :8080 port, no APP_URL env and non-https.
shurco
commented
3 months ago I use proxy (digitalocean balancer)
PhilReinking
commented
3 months ago Ok, thanks for the feedback of you guys. I will need to have a bit more time to look into it, hopefully today!
PhilReinking
commented
3 months ago Ok, I have another set of instructions for you guys. I already updated the README to include that.
If you are running the container behind a proxy, please make sure that your proxy is setting the following headers. Here an example for nginx:
location / {
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_http_version 1.1;
# Pass the request to the address of the docker container
proxy_pass http://127.0.0.1:8080;
}If the headers are not set, the application fails in using the cookie authentication. Can you confirm if this helps?
PhilReinking
commented
3 months ago @shurco when using digital ocean you might look into Proxy Protocol Setting: https://docs.digitalocean.com/products/networking/load-balancers/how-to/manage/#proxy-protocol
gainerz
commented
3 months ago Hi, still have issue on clean install GET https://sub.mydomain.net/api/forms 401 (Unauthorized) same on nginx with provided options and traefik
My yml file with traefik:
services: traefik: image: "traefik" restart: always command:
sub.mydomain.net)PhilReinking
commented
2 months ago @j0fr3y @shurco @f0sh @gainerz just released a new version that should tackle the current problem with creating forms.
Can you please confirm that the issue is solved?
j0fr3y
commented
2 months ago Yesss it works flawless on my Server. 🎉
PhilReinking
commented
2 months ago @j0fr3y thanks for testing it out so fast 😄 Will wait for other responses before closing it, but hopefully this issue is solved.
f0sh
commented
2 months ago @j0fr3y @shurco @f0sh @gainerz just released a new version that should tackle the current problem with creating forms.
Can you please confirm that the issue is solved?
I'm currently away, but I'll try to test it, mid of next week. @PhilReinking Thanks for your efforts.
gainerz
commented
2 months ago @f0sh still facing this problem on traefik setup. Later on i will check it with nginx again.
Setup went great and everythig is installed correctly via docker simple setup, but when i try to create a new form the spinner spins for a second and nothing happens. I am using Safari on an ipad. When opening console. It gives me an 403 Unauthenticated. Settings and API Token generation works.