jowilf / starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications
https://jowilf.github.io/starlette-admin/
MIT License
565 stars, 59 forks

Deployed Version redirects to localhost for authentication #538

Closed usmanarham closed 1 month ago

usmanarham commented 4 months ago

Describe the bug: I am following the custom MyAuthProvider for authentication and it works on localhost, but when I deploy it on a server and hit {server_url}/admin it shows https://{server_url}/admin/login?next=http%3A%2F%2F127.0.0.1%3A8000%2Fadmin%2F

which means it's redirecting to localhost.

Here is my setup:

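```python
from fastapi import FastAPI
from sqlalchemy.ext.asyncio import create_async_engine
from starlette.middleware import Middleware
from starlette.middleware.sessions import SessionMiddleware
from starlette_admin.contrib.sqla import Admin

# MyAuthProvider, get_db_url and SECRET are defined elsewhere in the reporter's project.


def init_admin(app: FastAPI) -> None:
    engine = create_async_engine(get_db_url())
    admin = Admin(
        engine,
        title="Admin",
        base_url="/admin",
        statics_dir="static",
        login_logo_url="statics/dark-logo.svg",  # base_url + '/statics/' + path_to_the_file
        auth_provider=MyAuthProvider(allow_routes=["/statics/dark-logo.svg"]),
        middlewares=[
            Middleware(
                SessionMiddleware, secret_key=SECRET
            )
        ],
    )
```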

The login form that shows up is posting to http://127.0.0.1:8000/admin/login instead of the server URL. I am thinking there is some kind of setting for this issue; can anyone guide me?

usmanarham commented 4 months ago

Issue was with my nginx config, solved that, but now having issues of serving mixed content block.

hasansezertasan commented 4 months ago

> issue was with my nginx config solved that but now having issues of serving mixed content block

What do you mean by "mixed content block"?

jowilf commented 4 months ago

This looks like #424

usmanarham commented 4 months ago

nginx config redirects every http call to https

```nginx
server {
    listen 80;
    listen [::]:80;

    server_name domain.com;

    # Redirect all HTTP traffic to HTTPS
    if ($http_x_forwarded_proto != "https") {
        return 301 https://$host$request_uri;
    }

    location / {
        # Proxy pass to your application
        proxy_pass http://127.0.0.1:8000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Accept-Encoding gzip;
    }

    autoindex_localtime on;
}
```

The admin index page loads with all the static files, but when it makes calls to the listing APIs using jQuery, it makes them over http and they get blocked by the browser:

Access to XMLHttpRequest at '**http://**domain.com/admin/api/consumer?skip=0&limit=10&order_by=id%20asc' from origin '**https:**//domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

alg commented 2 months ago

@usmanarham You should configure uvicorn / fastapi to respect x-forwarded-* options.

Option 1. There's a command-line key for that if you are running the app using uvicorn app. See here: https://www.uvicorn.org/deployment/#running-behind-nginx

Option 2. You can set ENV FORWARDED_ALLOW_IPS to * as the environment variable. Since we use Docker for running our apps, we've done it like this right in the Dockerfile that is used to build the app image.
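Added example, not part of the thread and not uvicorn's or starlette-admin's code: a simplified ASGI middleware (the hypothetical `TrustedProxyScheme`) and a toy app show how the URL scheme an application sees depends on both the `X-Forwarded-Proto` value the proxy sends and which peer addresses are trusted to send it. The request data is constructed; `203.0.113.7` stands in for a client that reaches the app without going through the proxy, and `*` as the trusted list accepts the header from that client as well.

```python
import asyncio


class TrustedProxyScheme:
    """Simplified stand-in for a proxy-headers middleware (illustration only)."""

    def __init__(self, app, trusted=("127.0.0.1",)):
        self.app = app
        self.trusted = set(trusted)

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            peer = (scope.get("client") or (None, 0))[0]
            raw = dict(scope["headers"]).get(b"x-forwarded-proto", b"")
            proto = raw.decode("latin-1").strip().lower()
            # Honour the header only when the TCP peer is a trusted reverse proxy.
            peer_ok = "*" in self.trusted or peer in self.trusted
            if peer_ok and proto in ("http", "https"):
                scope = dict(scope, scheme=proto)
        await self.app(scope, receive, send)


async def login_redirect_app(scope, receive, send):
    """Toy app: builds an absolute login URL from the ASGI scope."""
    host = dict(scope["headers"]).get(b"host", b"localhost").decode("latin-1")
    location = f"{scope['scheme']}://{host}/admin/login"
    await send({"type": "http.response.start", "status": 303,
                "headers": [(b"location", location.encode("latin-1"))]})
    await send({"type": "http.response.body", "body": b""})


def redirect_for(peer_ip, forwarded_proto, trusted=("127.0.0.1",)):
    """Send one constructed request through the stack; return the Location header."""
    headers = [(b"host", b"domain.com")]
    if forwarded_proto is not None:
        headers.append((b"x-forwarded-proto", forwarded_proto.encode("latin-1")))
    scope = {"type": "http", "scheme": "http", "method": "GET", "path": "/admin/",
             "client": (peer_ip, 50000), "headers": headers}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(TrustedProxyScheme(login_redirect_app, trusted)(scope, receive, send))
    return dict(sent[0]["headers"])[b"location"].decode("latin-1")
```

With uvicorn itself, the trusted list corresponds to the `--forwarded-allow-ips` option or the `FORWARDED_ALLOW_IPS` variable mentioned above; listing only the proxy's address keeps clients that connect directly from setting the scheme.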

jowilf commented 1 month ago

The solution can be found here -> https://jowilf.github.io/starlette-admin/deployment/