Error when running behind a Nginx reverse proxy

[Baptiste-Leterrier]

Describe the bug Hosting safenote on docker and putting a nginx reverse proxy in front of the service return an error upon creation a note. Safenote is exposed on port 8080 on host.

User -- HTTPS (443) --> NGINX ----> Docker (8080) ---> SafeNote (80)

docker run --name=safenotes -v $(pwd)/certs:/safenotes/config -v $(pwd)/safenotes.example.yaml:/safenotes/.safenotes.yaml -p 8080:80 denisrendler/safenotes:latest

When creating a note, I get an error "We've encountered an error storing your note: Network Error" and the link is not transmitted.

No error logs in docker logs No error logs in nginx logs

To Reproduce Steps to reproduce the behavior:

1. Create a secure note
2. Add password
3. Click Send
4. See error

Expected behavior Generate the link to share the note

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: Windows 10
• Browser Chrome
• Version Version 88.0.4324.104

Additional context

It works well when not using https on nginx

User -- HTTP (80) --> NGINX ----> Docker (8080) ---> SafeNote (80)

Maybe an issue liked to the generation of the note URL ?

[rendler-denis]

Thanks for reporting this and sorry for the delayed answer. It seems Github forgot to notify me. :( While I am looking into this, do you think it is possible to share the config for safenotes? I think it might be the configuration for the HTTPS on Safenotes that is at fault. We are already using a similar setup, Nginx as reverse proxy with HTTPS enabled on both ends.

Also, please be advised that the front-end app gets its settings, base URL and HTTP schema, from the backend. And the safenotes.example.yaml comes with settings for localhost.

[Baptiste-Leterrier]

Thanks for answering ! Do not apologize, it is awesome to have some support for this cool solution :)

The localhost part may explain the problem, this is the configuration used:

verbose:     false
server:
  ip:        0.0.0.0
  port:      80
  https:
    enable:      false
    port:        443
    cert:        ./config/cert.pem
    cert-key:    ./config/key.pem
    server-name: localhost
    enable-redirect: true
    redirect-to: https://localhost/
  auth:
    realm: localhost-restricted
    user: ~
    pass: ~

web-api:
  domain:      XXXXXX
  cors-host:   "localhost"
  path-prefix: /api

static-site:
  serve:     true
  index:     index.html
  resources: ./www
  envjs:
     web:
       domain: "http://XXXXXX/app"
       storage-path: "http://XXXXXX/api"
       theme:
#         logo:
#           image: "/app/new-logo.png"
#           imageCss: ['object-contain h-36 w-48 pt-2']

sketch:
  templatesDir: resources/templates/email
  functions:
    generateLink: http://XXXXXX/app/view-note/%s

notifications:
  enable: false
  engines:
    email:
      server: "mail.server.com"
      port: 1234
      auth:
        user: no-user
        pass: no-pass

[rendler-denis]

Hey, @Baptiste-Leterrier ! I usually run in paranoid mode, meaning HTTPS in both Nginx and the app. so I haven't tested your scenario yet, but I will have to make time. At least have it documented. I also see that for the static-site > envjs > web > domain you set the http://xxxxx/app. And the same is set for the storage-path. This means that the front-end app will try and use HTTP (port 80 and no encryption) instead of HTTPS (port 443 and encryption). That might be the issue. I am thinking the front-end is trying to reach the domain, the domain answers with a 404 or something else entirely and as such the app gives you an error message. Try updating to https://xxxxx/app and let me know if it solves the issue.

[Baptiste-Leterrier]

Yup that did the trick, sorry for wasting your time.

Corrections made:

Changed domain and storage path to https in static-site > envjs > web > domain and in static-site > envjs > web > storage-path

[rendler-denis]

That means I really need to start working on the documentation. That for letting me know the result.