search

linuxserver / docker-calibre-web

GNU General Public License v3.0
1.01k stars 145 forks source link

Reverse proxy for docker-calibre-web with Nginx on non-standard port #184

Closed kingchl closed 2 years ago

kingchl commented 2 years ago

Describe the bug/problem Hi there. When I login the Calibre-Web across my domain https://calibre-web.mydomain.com:8888, the web will redirect to https://calibre-web.mydomain.com/login?next=%2F rather than https://calibre-web.mydomain.com:8888/login?next=%2F.

I have to add this non-standard port (8888) manually to the address, then the login page gets back. And after I inputted the correct account&password, the URL will also losing the non-standard-port (redirecting to https://calibre-web.mydomain.com).

For this case when I encountered in other server applications, there could be a URL settings in the configuration file like .env, or in the server settings page, to sett as URL = https://calibre-web.mydomain.com:8888. But I haven't found it in there.

Or it seems that this problem can also be sloved by configuring the Nginx reverse-proxy config-files, but I don't know how to handle with it.

can you help me? thanks anyway

Environment (please complete the following information):

github-actions[bot] commented 2 years ago

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

ggtony233 commented 2 years ago

I also encountered this problem, in our network environment here, the default port 443 is banned by the network operator, so if I need to access my home web services from the public network, I can only access it through non-standard ports, and the redirection of this image has tormented me for several days, which is really frustrating

kingchl commented 2 years ago

I also encountered this problem, in our network environment here, the default port 443 is banned by the network operator, so if I need to access my home web services from the public network, I can only access it through non-standard ports, and the redirection of this image has tormented me for several days, which is really frustrating

我的问题解决了,给你贴上我的server模块,原模板源自于docker-swag的Nginx反向代理配置文件

## Version 2021/05/18
# make sure that your dns has a cname set for calibre-web

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name calibre-web.*;

    include /config/nginx/ssl.conf;

    add_header Strict-Transport-Security "max-age=63072000;";
    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is 
        # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia
        # user also has a corresponding user manually created in Calibre-Web.
        #include /config/nginx/authelia-location.conf;

        # include /config/nginx/proxy.conf;
        # include /config/nginx/resolver.conf;
        set $upstream_app calibre-web;
        set $upstream_port 8083;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # 添加以下代码,使支持非标准端口的重定向。2022/3/23
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    }

    # OPDS feed for eBook reader apps
    # Even if you use Authelia, the OPDS feed requires a password to be set for
    # the user directly in Calibre-Web, as eBook reader apps don't support 
    # form-based logins, only HTTP Basic auth.
    location /opds/ {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app calibre-web;
        set $upstream_port 8083;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_set_header X-Scheme $scheme;

    }
}

重点是以下代码,注意别跟自带的/config/nginx/proxy.conf;重复了,注释掉这个include

# 添加以下代码,使支持非标准端口的重定向。2022/3/23
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
ggtony233 commented 2 years ago

额~,你说的那四个比较重要的,我只有一个和你不一样,就是host那一行,我后面跟着就直接是$host,我是一个初学者,我部署在服务器上部署的多个服务应用他们的配置区别就只有http的端口和https端口不一样,其他的应用用这一套配置是能够正常工作的

ggtony233 commented 2 years ago

就是这个 server {
listen 38083 ssl;
server_name *.top;
ssl_certificate /etc/nginx/conf.d/**.crt; ssl_certificate_key /etc/nginx/conf.d/.key; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.3; 

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
    ssl_prefer_server_ciphers on;
    location / {
      proxy_pass http://127.0.0.1:8083;
      proxy_http_version    1.1;
      proxy_cache_bypass    $http_upgrade;

      proxy_set_header Upgrade            $http_upgrade;
      proxy_set_header Connection         "upgrade";
      proxy_set_header Host               $host;
      proxy_set_header X-Real-IP          $remote_addr;
      proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto  $scheme;
      proxy_set_header X-Forwarded-Host   $host;
      proxy_set_header X-Forwarded-Port   $server_port;
    }
     }
ggtony233 commented 2 years ago

但我任然需要通过手动在域名后添加端口才能进行访问

ggtony233 commented 2 years ago

我的问题解决了,貌似是我多放了某些参数导致的蜜汁错误?这是我现在的配置

 server {
        listen 38083 ssl; 
        server_name  \************; 
        ssl_certificate /etc/nginx/conf.d/ \********************; 
        ssl_certificate_key /etc/nginx/conf.d/ \*****************; 
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.3; 
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
        ssl_prefer_server_ciphers on;
        location / {
          proxy_pass http://192.168.2.216:8083;
      client_max_body_size 0;
          proxy_set_header Host               $http_host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
        }

}
Roxedus commented 2 years ago

I have no clue about what's mentioned in the above conversation, but try setting X-Forwarded-Port to 8888

kingchl commented 2 years ago

I have no clue about what's mentioned in the above conversation, but try setting X-Forwarded-Port to 8888

Thanks for your attention, and I have tried your suggestion : ) . the problem has been solved now, it seems that proxy_set_header Host $http_host; will be the the most critical parameter for my situation.

kingchl commented 2 years ago

我的问题解决了,貌似是我多放了某些参数导致的蜜汁错误?这是我现在的配置

 server {
        listen 38083 ssl; 
        server_name  \************; 
        ssl_certificate /etc/nginx/conf.d/ \********************; 
        ssl_certificate_key /etc/nginx/conf.d/ \*****************; 
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.3; 
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
        ssl_prefer_server_ciphers on;
        location / {
          proxy_pass http://192.168.2.216:8083;
    client_max_body_size 0;
          proxy_set_header Host               $http_host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
        }

}

$http_host是关键

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.