Login page reloads when logging in, when accessed through reverse proxy

[zodac]

First Check

• [X] This is not a feature request
• [X] I added a very descriptive title to this issue.
• [X] I used the GitHub search to find a similar issue and didn't find it.
• [X] I searched the documentation, with the integrated search.
• [X] I already read the docs and didn't find an answer.

Homebox Version

v0.10.1

What is the issue you are experiencing?

When I log in to my instance, the authorization is successful (invalid credentials fail as expected), but then the page reloads back to the login screen. This only happens when I'm accessing through a public web address, through my Apache HTTPD reverse-proxy.

Things are fine when logging in through the local machine, and was working fine until I upgraded from 0.9.2 to v0.10.1. I've also tried the latest nightly-rootless, but it didn't fix things.

I am able to see this error in the logs when the reload occurs: go/src/app/internal/web/mid/errors.go:31 > ERROR occurred error="Authorization header or query is required" req_id=homebox/AaPYwvp3zx-000282

How can the maintainer reproduce the issue?

Not really sure, this is probably a mix of my reverse-proxy and Homebox itself. I could provide logs and do some any testing that might help?

Deployment

Docker (Windows)

Deployment Details

homebox: image: ghcr.io/hay-kot/homebox:v0.10.1 container_name: homebox hostname: homebox environment: HBOX_LOG_LEVEL: "info" HBOX_LOG_FORMAT: "text" HBOX_WEB_MAX_UPLOAD_SIZE: "10" HBOX_OPTIONS_ALLOW_REGISTRATION: "false" networks:

• home ports:
• "port:7745" restart: unless-stopped volumes:
• ./storage/homebox/:/data/

[hay-kot]

I switched to a stricter cookie setup for authentication, you're likely a victim of this change :(

Could you verify that you are properly forwarding the the domain from the original browser request to the backend? For example, if you access HomeBox on hb.example.com that domain needs passed to the backend so that we can restrict the cookie to that domain. This is a requirement for HTTP Only cookies. If your proxy instead passes it's IP as the domain, the cookies wouldn't work and you would be redirected to the login page.

I believe this problem may be manifesting in a few other places as well, so I plan to add some more logging capabilities to assist in troubleshooting in the future.

[zodac]

My config is pretty basic:

<VirtualHost *:80>
    ServerAdmin email@address.com
    ServerName  hb.example.com
    ProxyPass / http://ipaddress:port
</VirtualHost>

I'm not sure what you mean about 'forwarding the domain', but I'm happy to look into it. Do you have any reference configurations (even for another reverse proxy, like nginx) that I can check out to get started?

Thanks for confirming it's not unexpected though. Worst case, I can always roll back to v0.9 until I get this sorted. :)

[zodac]

Ok, it didn't take long to figure that out. :)

I just needed to add ProxyPreserveHost on to my VirtualHost configuration, and things are looking good again.

[rainsword]

I have encountered a similar issue. I used Nginx as the proxy, but even after adding proxy_set_header, the problem persists. Here is my configuration:

    location /homebox/ {
        proxy_pass http://homebox:7745/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

[rainsword]

Add some more information:

[hay-kot]

@rainsword try reloading your cache and clearing your cookies. That issue may be unrelated to this one.

[rainsword]

I have cleared my cache, but the problem persists. I think it may be related to path issues. My domain is http://abc.def, and I use Nginx with a location set to http://homebox:7745/, which is running in a separate local container. The service should be accessed through http://abc.def/homebox, but instead, the service responds with about 33 errors like : GET http://abc.def/_nuxt/entry.8157581e.css net::ERR_ABORTED 404 (Not Found)

The link changes to http://abc.def/_nuxt, and I tried adding a new location in Nginx like this:

    location /_nuxt/ {
        proxy_pass http://homebox:7745/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

After adding this location, the other 33 errors were resolved, but a new error occurred: "Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec."

Therefore, I think there may be an issue with relative paths when using Nginx as a proxy. The code cannot correctly resolve the relative URLs.

My enviroment:

Client(IP1) --------- Server(http://abc.def) Container1: Proxy_Nginx-Port 80 Container2: Homebox-Port 7745 Container2 can support services with ports like http://abc.def:7745

[hay-kot]

Oh, yeah we don't support serving on a path. The front end framework we use requires the base path to be known at build time, so we can't support it.

[rainsword]

OK, got it