500 SERVER ERROR snipe-it:v7.0.9-ls287 when on https

[jennso]

Is there an existing issue for this?

• [X] I have searched the existing issues

Current Behavior

I should get the setup page for snipe-it instead I get a error 500 SERVER ERROR when running on https behind a reverse proxy, even after setup done in http

Expected Behavior

the snipe-it setup page should load to start the app setup

Steps To Reproduce

1. Install docker on rocky 8
2. create a folder
3. create docker compose for snipe-it including madiadb
4. start the containers and navigate to https://

If I don't use the reverse proxy and load the application exposing port 80 and change my app url from https to http I get the setup screen and it works, then I do all the setup and if then after the setup I enable https I get the 500 SERVER ERROR error again

Environment

- OS:rocky linux 8.9
- How docker service was installed: via docker repo rpm package

CPU architecture

x86-64

Docker creation

nginx reverse proxy
---
services:
  nginx-proxy:
    image: 'jc21/nginx-proxy-manager:2.11.3'
    container_name: nginx-proxy
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    environment:
      DB_MYSQL_HOST: "mariadb"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - mariadb
    networks:
      - frontend
    restart: unless-stopped

  mariadb:
    image: 'jc21/mariadb-aria:10.11.5'
    container_name: nginx-proxy-database
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
      MARIADB_AUTO_UPGRADE: '1'
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      - frontend
    restart: unless-stopped

networks:
   frontend:
     driver: bridge

snipe-it
---
services:
  snipe-it:
    image: lscr.io/linuxserver/snipe-it:v7.0.9-ls287
    container_name: snipe-it
    environment:
      - PUID=1000
      - PGID=1000
      - APP_KEY=
      - TZ=America/Toronto
      - APP_URL=https://snipe.mydomain.com
      - APP_FORCE_TLS=true
      - MYSQL_PORT_3306_TCP_ADDR=mariadb
      - MYSQL_PORT_3306_TCP_PORT=3306
      - MYSQL_DATABASE=snipe
      - MYSQL_USER=admin
      - MYSQL_PASSWORD=TDLoJZdzDQM9
    volumes:
      - ./config:/config
    networks:
      - nginx-proxy_frontend
      - backend
    restart: unless-stopped

  mariadb:
    image: lscr.io/linuxserver/mariadb:10.11.8-r0-ls149
    container_name: mariadb
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Toronto
      - MYSQL_ROOT_PASSWORD=TDLoJZdzDQM9
      - MYSQL_DATABASE=snipe
      - MYSQL_USER=admin
      - MYSQL_PASSWORD=TDLoJZdzDQM9
    volumes:
      - ./dbconfig:/config
    networks:
      - backend
    restart: unless-stopped

networks:
      nginx-proxy_frontend:
         external: true
      backend:
         driver: bridge

Container logs

snipe-it  | [migrations] started
snipe-it  | [migrations] 01-nginx-site-confs-default: executing...
snipe-it  | [migrations] 01-nginx-site-confs-default: succeeded
snipe-it  | [migrations] 02-default-location: executing...
snipe-it  | [migrations] 02-default-location: succeeded
snipe-it  | [migrations] done
snipe-it  | ───────────────────────────────────────
snipe-it  |
snipe-it  |       ██╗     ███████╗██╗ ██████╗
snipe-it  |       ██║     ██╔════╝██║██╔═══██╗
snipe-it  |       ██║     ███████╗██║██║   ██║
snipe-it  |       ██║     ╚════██║██║██║   ██║
snipe-it  |       ███████╗███████║██║╚██████╔╝
snipe-it  |       ╚══════╝╚══════╝╚═╝ ╚═════╝
snipe-it  |
snipe-it  |    Brought to you by linuxserver.io
snipe-it  | ───────────────────────────────────────
snipe-it  |
snipe-it  | To support the app dev(s) visit:
snipe-it  | Snipe-IT: https://snipeitapp.com/donate
snipe-it  |
snipe-it  | To support LSIO projects visit:
snipe-it  | https://www.linuxserver.io/donate/
snipe-it  |
snipe-it  | ───────────────────────────────────────
snipe-it  | GID/UID
snipe-it  | ───────────────────────────────────────
snipe-it  |
snipe-it  | User UID:    1000
snipe-it  | User GID:    1000
snipe-it  | ───────────────────────────────────────
snipe-it  | Linuxserver.io version: v7.0.9-ls287
snipe-it  | Build-date: 2024-07-11T18:53:37+00:00
snipe-it  | ───────────────────────────────────────
snipe-it  |
snipe-it  | Setting resolver to  127.0.0.11
snipe-it  | Setting worker_processes to 4
snipe-it  | generating self-signed keys in /config/keys, you can replace these with your own keys if required
snipe-it  | ...+...+..+.+...+............+++++++++++++++++++++++++++++++++++++++*...+...............+++++++++++++++++++++++++++++++++++++++*..+...............+...+............+.....+....+.........+......+......+..+.+..+....+........+......+.+......+..+...+.........+.+........+.+.....+....+.........+...+..+.+.........+.....+.+.....+.........+...+...+.+.....+.+...+.................+.........+...+......+.+.........+..+...+......+...+...............+.......+........+...+..................+......+......+............................+..+...+......+.+...+..+.......+..+...+..........+....................+......+.+.....+.+.....+...+....+...+..+............+....+.....+......+....+..+....+...+.....+.+...............+...........+.+...+.....+.+........+.+..+.......+..+...+...+....+...+...........+.........+...+.........+.........+.+...+.....+......+....+............+...........+...+.......+............+...+...............+..+...+.........+......+....+...+........+.......+.....+.+......+........+......+.+...+........+...+..........+..+...+....+..+.+...+.................+..........+..+...+.............+..............+......+.......+..+..........+...........+......+..........+...+....................+......+....+.....+.+.....+......+....+..+...+.......+.....+....+.....++++++
snipe-it  | ..+...........+......+...+++++++++++++++++++++++++++++++++++++++*.+...+............+..+.+......+...+++++++++++++++++++++++++++++++++++++++*.......+...+...........+...+...+....+......+.........+...+......+......+.....+......++++++
snipe-it  | -----
snipe-it  | Generating SnipeIT app key for first run
snipe-it  | App Key set to base64:zzrHFk2URxa0PYQB3VbyIR86fcHspDaN62Y5Muga8ag= you can set the APP_KEY environment variable to provide a persistent key.
snipe-it  | [custom-init] No custom files found, skipping...
snipe-it  | [ls.io-init] done.
snipe-it  |
snipe-it  |    INFO  No scheduled commands are ready to run.
snipe-it  |
snipe-it  |
snipe-it  |   2024-07-16 05:45:01 Running ['artisan' auth:clear-resets] ....... 187ms FAIL
snipe-it  |   ⇂ '/usr/bin/php83' 'artisan' auth:clear-resets > '/dev/null' 2>&1
snipe-it  |
snipe-it  |
snipe-it  |    INFO  No scheduled commands are ready to run.
snipe-it  |
snipe-it  |
snipe-it  |    INFO  No scheduled commands are ready to run.
snipe-it  |
snipe-it  |
snipe-it  |    INFO  No scheduled commands are ready to run.
snipe-it  |
snipe-it  |
snipe-it  |    INFO  No scheduled commands are ready to run.
snipe-it  |
mariadb   | [migrations] started
mariadb   | [migrations] no migrations found
mariadb   | ───────────────────────────────────────
mariadb   |
mariadb   |       ██╗     ███████╗██╗ ██████╗
mariadb   |       ██║     ██╔════╝██║██╔═══██╗
mariadb   |       ██║     ███████╗██║██║   ██║
mariadb   |       ██║     ╚════██║██║██║   ██║
mariadb   |       ███████╗███████║██║╚██████╔╝
mariadb   |       ╚══════╝╚══════╝╚═╝ ╚═════╝
mariadb   |
mariadb   |    Brought to you by linuxserver.io
mariadb   | ───────────────────────────────────────
mariadb   |
mariadb   | To support LSIO projects visit:
mariadb   | https://www.linuxserver.io/donate/
mariadb   |
mariadb   | ───────────────────────────────────────
mariadb   | GID/UID
mariadb   | ───────────────────────────────────────
mariadb   |
mariadb   | User UID:    1000
mariadb   | User GID:    1000
mariadb   | ───────────────────────────────────────
mariadb   | Linuxserver.io version: 10.11.8-r0-ls149
mariadb   | Build-date: 2024-07-10T10:49:07+00:00
mariadb   | ───────────────────────────────────────
mariadb   |
mariadb   | Setting Up Initial Databases
mariadb   | Installing MariaDB/MySQL system tables in '/config/databases' ...
mariadb   | 2024-07-16  5:43:38 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
mariadb   | OK
mariadb   |
mariadb   | To start mariadbd at boot time you have to copy
mariadb   | support-files/mariadb.service to the right place for your system
mariadb   |
mariadb   |
mariadb   | PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
mariadb   | To do so, start the server, then issue the following command:
mariadb   |
mariadb   | '/usr/bin/mariadb-secure-installation'
mariadb   |
mariadb   | which will also give you the option of removing the test
mariadb   | databases and anonymous user created by default.  This is
mariadb   | strongly recommended for production servers.
mariadb   |
mariadb   | See the MariaDB Knowledgebase at https://mariadb.com/kb
mariadb   |
mariadb   | You can start the MariaDB daemon with:
mariadb   | cd '/usr' ; /usr/bin/mariadbd-safe --datadir='/config/databases'
mariadb   |
mariadb   | You can test the MariaDB daemon with mysql-test-run.pl
mariadb   | cd '/usr/mysql-test' ; perl mariadb-test-run.pl
mariadb   |
mariadb   | Please report any problems at https://mariadb.org/jira
mariadb   |
mariadb   | The latest information about MariaDB is available at https://mariadb.org/.
mariadb   |
mariadb   | Consider joining MariaDB's strong and vibrant community:
mariadb   | https://mariadb.org/get-involved/
mariadb   |
mariadb   | 2024-07-16  5:43:40 0 [Note] Starting MariaDB 10.11.8-MariaDB-log source revision 3a069644682e336e445039e48baae9693f9a08ee as process 186
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Compressed tables use zlib 1.3.1
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Number of transaction pools: 1
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
mariadb   | 2024-07-16  5:43:40 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Using Linux native AIO
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Initializing buffer pool, total size = 256.000MiB, chunk size = 4.000MiB
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Completed initialization of buffer pool
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: File system buffers for log disabled (block size=512 bytes)
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: End of log at LSN=46980
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: 128 rollback segments are active.
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: log sequence number 46980; transaction id 14
mariadb   | 2024-07-16  5:43:40 0 [Note] Plugin 'FEEDBACK' is disabled.
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Loading buffer pool(s) from /config/databases/ib_buffer_pool
mariadb   | 2024-07-16  5:43:40 0 [Note] InnoDB: Buffer pool(s) load completed at 240716  5:43:40
mariadb   | 2024-07-16  5:43:40 0 [Note] Server socket created on IP: '0.0.0.0'.
mariadb   | 2024-07-16  5:43:40 0 [Note] Server socket created on IP: '::'.
mariadb   | 2024-07-16  5:43:40 0 [Note] mariadbd: ready for connections.
mariadb   | Version: '10.11.8-MariaDB-log'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  Alpine Linux
mariadb   | 2024-07-16  5:43:42 0 [Note] mariadbd (initiated by: root[root] @ localhost []): Normal shutdown
mariadb   | 2024-07-16  5:43:42 0 [Note] InnoDB: FTS optimize thread exiting.
mariadb   | 2024-07-16  5:43:42 0 [Note] InnoDB: Starting shutdown...
mariadb   | 2024-07-16  5:43:42 0 [Note] InnoDB: Dumping buffer pool(s) to /config/databases/ib_buffer_pool
mariadb   | 2024-07-16  5:43:42 0 [Note] InnoDB: Buffer pool(s) dump completed at 240716  5:43:42
mariadb   | 2024-07-16  5:43:42 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
mariadb   | 2024-07-16  5:43:42 0 [Note] InnoDB: Shutdown completed; log sequence number 46980; transaction id 16
mariadb   | 2024-07-16  5:43:42 0 [Note] mariadbd: Shutdown complete
mariadb   |
mariadb   | Database Setup Completed
mariadb   | [custom-init] No custom files found, skipping...
mariadb   | 240716 05:43:43 mysqld_safe Logging to '/config/databases/f5559a448367.err'.
mariadb   | 240716 05:43:43 mysqld_safe Starting mariadbd daemon with databases from /config/databases
mariadb   | Connection to localhost (::1) 3306 port [tcp/mysql] succeeded!
mariadb   | [ls.io-init] done.

[github-actions[bot]]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[jennso]

I figured out that the certs are located in /config/keys I installed the cert there and removed the proxy, I still get the same error, now I enabled app debug and got a bit more information on the error, on the debug screen I get "cURL error 60: SSL certificate problem: unable to get local issuer certificate" even though the cert is good in chrome it's valid and no issues there.

Any help would be greatly appreciated

[jennso]

For anyone having this issue, if you are using local certificated you need to add your bundleCA to the php configuration, otherwise it will check only the CAs of the container os and not the ones installed on the host machine, I made aware of my custom CA by copying it to the /config/keys place and editing the php-local.ini and adding openssl.cafile=/config/keys/ca-bundle.trust.crt after that a restart and everything is working now.

[jbrownmontage223423]

This helped me greatly thank you for sharing this solve!!

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.