[BUG] Incorrect host being passed to application when this container is behind a reverse proxy

[KuroSetsuna29]

Is there an existing issue for this?

• [X] I have searched the existing issues

Current Behavior

When using a reverse proxy, such as nginx, to proxy pass to this container the application is loading resources and redirecting with incorrect host.

For example, my reverse proxy is running on https://speedtest.mydomain.com:1443/. Then when going to https://speedtest.mydomain.com:1443/, the application will redirect to https://speedtest.mydomain.com/admin/login (note missing port).

Expected Behavior

Going to https://speedtest.mydomain.com:1443/ should correctly redirect to https://speedtest.mydomain.com:1443/admin/login.

Steps To Reproduce

1. Setup speedtest-tracker container using defaults
2. Setup nginx reverse proxy
3. Go to reverse proxy domain
4. See incorrect redirect

Environment

- OS: Unraid 6.12.13
- How docker service was installed: Unraid community application
- Reverse proxy container: swag
- Nginx proxy header config:

proxy_set_header Connection $connection_upgrade;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Host $http_host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Server $http_host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;

CPU architecture

x86-64

Docker creation

docker run
  -d
  --name='speedtest-tracker'
  --net='proxynet'
  --cpuset-cpus='0,1,12,13'
  --pids-limit 2048
  -e TZ="America/New_York"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="KUROPOP"
  -e HOST_CONTAINERNAME="speedtest-tracker"
  -e 'APP_KEY'='*****************'
  -e 'DB_CONNECTION'='sqlite'
  -e 'SPEEDTEST_SCHEDULE'='0 * * * *'
  -e 'SPEEDTEST_SERVERS'='64882,17568,46811'
  -e 'DB_HOST'=''
  -e 'DB_PORT'=''
  -e 'DB_DATABASE'=''
  -e 'DB_USERNAME'=''
  -e 'DB_PASSWORD'=''
  -e 'DISPLAY_TIMEZONE'='America/Toronto'
  -e 'PRUNE_RESULTS_OLDER_THAN'='0'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'UMASK'='000'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:80]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/speedtest-tracker-logo.png'
  -p '8001:80/tcp'
  -v '/mnt/user/appdata/speedtest-tracker':'/config':'rw' 'lscr.io/linuxserver/speedtest-tracker'

Container logs

N/A

[github-actions[bot]]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[KuroSetsuna29]

My current workaround is to add the following to my nginx reverse proxy to rewrite the response, but not ideal:

proxy_redirect http://speedtest.mydomain.com/ https://speedtest.mydomain.com:1443/;
proxy_redirect http://speedtest.mydomain.com:1443/ https://speedtest.mydomain.com:1443/;
proxy_redirect https://speedtest.mydomain.com/ https://speedtest.mydomain.com:1443/;
sub_filter "http://speedtest.mydomain.com/" "https://speedtest.mydomain.com:1443/";
sub_filter "http://speedtest.mydomain.com:1443/" "https://speedtest.mydomain.com:1443/";
sub_filter "https://speedtest.mydomain.com/" "https://speedtest.mydomain.com:1443/";
sub_filter "http:\/\/speedtest.mydomain.com\/" "https:\/\/speedtest.mydomain.com:1443\/";
sub_filter "http:\/\/speedtest.mydomain.com:1443\/" "https:\/\/speedtest.mydomain.com:1443\/";
sub_filter "https:\/\/speedtest.mydomain.com\/" "https:\/\/speedtest.mydomain.com:1443\/";
sub_filter_once off;
sub_filter_types *;

Edit: Added proxy_redirect to fix redirects as well

[thespad]

We've somehow missed the APP_URL setting from the readme, it needs to be set for nonstandard ports to the full URL (including port and protocol). e.g.

APP_URL=https://speedtest.mydomain.com:1443

I'll sort out a PR to update the readme.

[KuroSetsuna29]

@thespad Hmm, I just tried that and still getting the same behaviour

I put it both in docker environment variable and .env in the config folder.

[thespad]

Looks like there's an upstream issue here https://github.com/alexjustesen/speedtest-tracker/issues/1673

Not going to fiddle with the image until there's a clear resolution from it, but might give you some ideas.

[KuroSetsuna29]

Interesting, so adding the ASSET_URL fixed a different issue. Basically I can bypass the redirect issues if I go to the login page directly, ie. /admin/login instead of going to / which will try to redirect me to login but drop the port. But I then noticed a different problem where css/js/fonts were still not loading from correct hostname. Adding the ASSET_URL seems to fix the css/js/font issue but the redirect is still taking me to the wrong port.

I don't think its entirely an upstream issue since the redirect works correctly going to the container by IP address, eg. http://192.168.1.1:8001/ (where I mapped docker port 8001:80). My guess is the X-Forwarded-Host (or one of the http headers) is not being correctly forwarded to the application in the nginx configuration. So my reverse proxy is passing the custom X-Forwarded-Host header, but then the nginx inside the container is discarding that and passing its own header value.

For now my workaround posted here works, so I guess I will continue to use that.

Thanks for taking a look.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.