ether / etherpad-lite

Etherpad: A modern really-real-time collaborative document editor.
http://docs.etherpad.org/
Apache License 2.0

Nginx reverse proxy, static files not loading #3325

Closed moretocome closed 6 years ago

moretocome commented 6 years ago

I try to make etherpad-lite available in a subfolder of my domain with a nginx reverse proxy.

I can get to the etherpad-lite front page through the proxy, but no static files are loading, and in the access log, I can see that nginx tries to send them to the php-handler instead of etherpad-lite.

My nginx config:

# Choose the client address that is later sent to Etherpad in X-Real-IP and
# X-Forwarded-For (see the /pad/socket.io location).
#   - ports 80 and 443: direct listeners, so the TCP peer ($remote_addr) is used
#   - any other port: the proxy_protocol listeners, so the address carried in
#     the PROXY protocol header ($proxy_protocol_addr) is used
# NOTE(review): $proxy_protocol_addr is whatever the connecting peer puts in the
# PROXY header. The proxy_protocol listeners should only be reachable from the
# trusted front-end that writes that header; confirm this is enforced (firewall
# or bind address), otherwise the logged/forwarded client IP can be forged.
map $server_port $logrealip {
    default $proxy_protocol_addr;
    80 $remote_addr;
    443 $remote_addr;
}

# FastCGI response cache for Nextcloud: shared zone NEXTCLOUD (100m of keys),
# two-level directory layout, entries dropped after 60 minutes without access.
fastcgi_cache_path /usr/local/tmp/cache levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
# $skip_cache is 1 (bypass / do not store) for every request except the URIs
# listed below, which are matched case-insensitively against $request_uri.
# It is consumed by fastcgi_cache_bypass / fastcgi_no_cache in the PHP locations.
map $request_uri $skip_cache {
    default 1;
    ~*/thumbnail.php 0;
    ~*/apps/galleryplus/ 0;
    ~*/apps/gallery/ 0;
    ~*/apps/audioplayer/ 0;
}

# Plain-HTTP virtual host: answers ACME challenges and redirects everything
# else to HTTPS.
server {
    # Port 80 is the direct listener; XX080 (port redacted in the post) expects
    # a PROXY protocol header.
    listen 80 default_server;
    listen XX080 proxy_protocol default_server;

    server_name cloud.example.com;
    # Your DDNS address (e.g. from desec.io or no-ip.com)

    # ^~ stops regex locations from being checked for this prefix; challenges are
    # handed to a local service on port 81 (presumably the ACME client).
    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    # NOTE(review): this is a default_server, so $host reflects whatever Host
    # header the client sent; the redirect target is therefore client-controlled.
    # Redirecting to the fixed server_name avoids that; confirm with the
    # deployment before changing.
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS virtual host: serves Nextcloud from /var/www/nextcloud/ through the
# php-handler upstream and is meant to proxy Etherpad (localhost:9001) under /pad.
server {
    # 443 takes direct TLS connections; XX443 (port redacted in the post)
    # expects a PROXY protocol header.
    listen 443 ssl http2 default_server;
    listen XX443 ssl http2 proxy_protocol default_server;

    server_name cloud.example.com;

    # NOTE(review): every certificate directive is commented out as posted. A
    # "listen ... ssl" server needs a certificate and key from somewhere;
    # presumably they were disabled for the post or are set in an included file.
    #ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;
    #ssl_trusted_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;

    root /var/www/nextcloud/;

    # robots.txt: open to everyone, not logged.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Service discovery redirects for CardDAV / CalDAV clients.
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # Set at server level, so this ~2 GB request-body limit also applies to the
    # proxied Etherpad locations below, not only to Nextcloud uploads.
    client_max_body_size 2047M;
    # Fallback prefix location: anything not matched elsewhere is rewritten to
    # Nextcloud's front controller.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Nextcloud internals that must never be served directly.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Media files: mp4 module settings plus FastCGI pass-through.
    location ~* \.(?:flv|mp4|mov|m4a)$ {
        mp4;
        mp4_buffer_size 5m;
        mp4_max_buffer_size 10m;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        include php_optimization.conf;
        fastcgi_pass php-handler;
        fastcgi_param HTTPS on;
        fastcgi_no_cache $skip_cache;
    }

    # Whitelisted Nextcloud PHP entry points, cached in the NEXTCLOUD zone unless
    # $skip_cache says otherwise.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        include php_optimization.conf;
        fastcgi_pass php-handler;
        fastcgi_param HTTPS on;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache NEXTCLOUD;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Static assets for Nextcloud. A request such as /pad/static/custom/index.css
    # ALSO ends up here: the /pad location below is a plain prefix location
    # (no ^~), so nginx still evaluates regex locations after the prefix match
    # and this one matches the .css suffix. try_files does not find the file
    # under root and falls back to /index.php$uri, i.e. the PHP handler, which
    # is what the access log in this report shows.
    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        access_log off;
        expires 30d;
    }

    # Same fallback behaviour as the block above, for images / html / fonts.
    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
        expires 30d;
    }

    # Etherpad under /pad: strip the prefix, proxy to localhost:9001, and map
    # backend redirects starting with / back under /pad/.
    # Without ^~ this block only wins when no regex location matches the URI.
    # NOTE(review): proxy_pass_header Server forwards the backend's Server header
    # to clients (nginx withholds it by default), disclosing backend software;
    # drop it unless something depends on it.
    # NOTE(review): unlike /pad/socket.io, no X-Real-IP / X-Forwarded-For /
    # X-Forwarded-Proto headers are set here; confirm whether Etherpad needs
    # them for these requests (client IP in logs, secure cookie flag).
    location /pad {
        rewrite                /pad/(.*) /$1 break;
        rewrite                ^/pad$ /pad/ permanent;
        proxy_pass             http://localhost:9001/;
        proxy_pass_header Server;
        proxy_redirect         / /pad/;
        proxy_set_header       Host $host;
        proxy_buffering off;
    }

    # Etherpad's socket.io endpoint, with WebSocket upgrade support.
    # X-Real-IP and X-Forwarded-For are set (not appended) from $logrealip, so a
    # value supplied by the client in those headers is replaced.
    # proxy_set_header Host $host appears twice in this block; one is redundant.
    location /pad/socket.io {
        rewrite /pad/socket.io/(.*) /socket.io/$1 break;
        proxy_pass http://localhost:9001/;
        proxy_redirect         / /pad/;
        proxy_set_header Host $host;
        proxy_buffering off;
        proxy_set_header X-Real-IP $logrealip;  # http://wiki.nginx.org/HttpProxyModule
        proxy_set_header X-Forwarded-For $logrealip; # EP logs to show the actual remote IP
        proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
        proxy_set_header Host $host;  # pass the host header
        proxy_http_version 1.1;  # recommended with keepalive connections
        # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    # This prefix is /static, not /pad/static, so requests for /pad/static/...
    # never select it; the rewrite also maps /static/... onto itself and so
    # changes nothing.
    location /static {
        rewrite /static/(.*) /static/$1 break;
        proxy_pass http://localhost:9001/;
        proxy_set_header Host $host;
        proxy_buffering off;
    }

}

# we're in the http context here
# Value for the Connection header sent to the backend in /pad/socket.io:
# "upgrade" when the client sent an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

From access.log:

192.168.X.XY - - [09/Feb/2018:14:25:32 +0100] "GET /pad/static/custom/index.css HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0" "-" "cloud.example.com" sn="cloud.example.com" rt=0.348 ua="unix:/run/php/php7.1-fpm.sock" us="302" ut="0.348" ul="17" cs=BYPASS

Does anyone have an idea on how I can make sure the etherpad-lite static files are served from the right place?

Thanks in advance!

moretocome commented 6 years ago

I used native ssl instead of the proxy.

Aster-the-Med-Stu commented 5 years ago

Same thing happening here...

muxator commented 5 years ago

There may be some issues:

  1. you have some location /<etherpad-specific> sections that supposedly should catch etherpad-specific urls
  2. the try_files directives get triggered because they are inside regex location sections, and regex locations are always checked after the literal prefix match unless that is explicitly turned off. From the nginx core module documentation:

    If the longest matching prefix location has the “^~” modifier then regular expressions are not checked.

    But you are not using the ^~ modifier, so the regexes are evaluated and bring you to index.php

  3. the rewrite in the /pad/static section is wrong. It should perform /pad/static/(.*) -> /static/$1, and instead rewrites /static/(.*) -> /static/$1, thus doing nothing.

Try these modifications (they worked on a quick replica of your config):

@@ -109,7 +105,7 @@ server {
         expires 30d;
     }

-    location /pad {
+    location ^~ /pad {
         rewrite                /pad/(.*) /$1 break;
         rewrite                ^/pad$ /pad/ permanent;
         proxy_pass             http://localhost:9001/;
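Review bot: `location ^~ /pad` matches every URI that merely begins with `/pad` (for example `/padding.css`), and with `^~` those requests now bypass the Nextcloud regex locations and go to the Etherpad backend. The unanchored `rewrite /pad/(.*) /$1 break;` is equally loose, and the same applies to the patterns in the `/pad/socket.io` and `/pad/static` hunks below. Consider `location ^~ /pad/ {` with `rewrite ^/pad/(.*)$ /$1 break;`, plus a separate `location = /pad { return 301 /pad/; }` for the bare path. The location body continues past the end of this hunk.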
@@ -119,7 +115,7 @@ server {
         proxy_buffering off;
     }

-    location /pad/socket.io {
+    location ^~ /pad/socket.io {
         rewrite /pad/socket.io/(.*) /socket.io/$1 break;
         proxy_pass http://localhost:9001/;
         proxy_redirect         / /pad/;
@@ -135,8 +131,8 @@ server {
         proxy_set_header Connection $connection_upgrade;
     }

-    location /static {
-        rewrite /static/(.*) /static/$1 break;
+    location ^~ /pad/static {
+        rewrite /pad/static/(.*) /static/$1 break;
         proxy_pass http://localhost:9001/;
         proxy_set_header Host $host;
         proxy_buffering off;
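Review bot: The new `^~ /pad/static` block duplicates work the `^~ /pad` block already does, since `rewrite /pad/(.*) /$1 break;` there already turns `/pad/static/x` into `/static/x` before proxying to the same backend. Dropping this location would leave a single place where the proxy headers for Etherpad page and asset requests are set, so the two cannot drift apart. If it is kept for separate tuning, add a comment saying so, e.g. `# separate block only to tune caching/buffering for assets`. The closing brace of the block lies outside the hunk.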

Most important point:

Do you know if this configuration was copied from somewhere?

If so, it would be a good idea to modify the original documentation in order to fix the problem for other users too.