Closed soakes closed 5 years ago
Quick update.
After doing some further testing, I now can confirm that this issue isn't present using just a sub domain.
2FA is working correctly with the client and logging into site as long as its setup as a subdomain and not folder.
Hi :)
How about changing the https redirect directive to: return 301 https://$server_name$request_uri;
Not sure about this, but: I'm not using the --- root /usr/share/nginx/html; Variable at all as i'm redirecting anything anyways Could you try to remove them out of the http and https directive?
Additional help: https://www.bjornjohansen.no/nginx-redirect
There you can find a bunch of very good examples for redirecting. Let's see if that helps.
Let me know if any of this worked :) Greets
Hi @Miller101,
Thank you very much for the suggestion and that truly awesome website.
The reason for the root is so letsencrypt can create the initial and renewal certificates as it creates the .well-known hash files in there to authenticate. However, I do agree that usually you would not need it however, you have to remember that you don't want EVERYTHING redirected to SSL as the http://example.com/.well-known/acme-challenge/HASHFILE needs to be accessible without https as thats whats used to confirm the owner of the domain.
With regards to testing it, that won't be so easy as that server has been changed to subdomain and is now in LIVE service. I will see if I get a little time over the weekend and knock up a quick box and re-test all the suggestions that you have supplied so we and everyone else knows the exact solution.
Kind Regards,
Simon
Hi Guys,
I believe I have just found a bug when using the client to log you into the site if your running under sub folder setup with 2FA enabled for that user.
If you goto https://example.com/seafile, it all works as expected. The client login (i.e. click on domain name inside the client which also directs you to this URL) works correctly if you do not use 2FA.
If you try the same but enable 2FA (google auth), the login fails with page cant be found (Sorry, but the requested page could not be found.). The URL it try's to send you to is, https://example.com/seafile/seafile which is clearly wrong.
This config is exactly the same with and without 2FA and as long as you don't use 2FA, then the login works correctly. The sub folder config has also been taken from your website/docs.
I can only suspect its something to do with the 2FA auth check on the client when the client logs you in. I can confirm that the 2FA login via website or the initial client login is working as expected (i.e. asking for 2FA details). This bug is only present if your logged in on the client and your using it to automatically log you into the website i.e. clicking on domain/auto login within client. If you right click and copy location on the client, it shows correct i.e. https://example.com/seafile.
I can confirm that this is present with the latest seafile-pro-server-6.0.13 and also the MacOS client version 6.04, which as of this writing are both the latest available.
I have also just confirmed this on the latest Windows client.
Hope this information is of use.
As a TEMP solution, I am disabling 2FA auth, just to fix the problem.
I am also enclosing the nginx and seahub_settings.py configs, just in case the problem is me which I don't think it its.
nginx config
ccnet.conf
seahub_settings.py