linuxserver / docker-swag

Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
https://docs.linuxserver.io/general/swag
GNU General Public License v3.0

[BUG] Proxy Protocol Breaks SSL #488

Closed julianq closed 3 months ago

julianq commented 3 months ago

Is there an existing issue for this?

Current Behavior

When Proxy Protocol is enabled on any subdomain, SSL breaks. This was working earlier today, nothing in the configuration changed, and it simply stopped working. On 2.11.0 but rolling back to 2.10.0 or 2.9.0 did not fix it.

Expected Behavior

No response

Steps To Reproduce

Add `listen 443 ssl proxy_protocol;` or `listen 443 ssl http2 proxy_protocol;` to any subdomain; even accessing over LAN is impossible. This was working as expected earlier today. It broke with no change in configuration. It is sitting behind HAProxy as load balancer.

Environment

- OS: Alpine
- How docker service was installed: docker-compose

CPU architecture

x86-64

Docker creation

```yaml
---
services:
  swag:
    image: lscr.io/linuxserver/swag:2.11.0
    container_name: swag
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - URL=[redacted]
      - VALIDATION=dns
      - SUBDOMAINS=wildcard #optional
      - CERTPROVIDER= #optional
      - DNSPLUGIN=cloudflare #optional
      - PROPAGATION= #optional
      - EMAIL= #optional
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS=[redacted] #optional
      - STAGING=false #optional
      - DOCKER_MODS=linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:swag-cloudflare-real-ip|linuxserver/mods:swag-ffmpeg|linuxserver/mods:swag-auto-reload #optional
      - MAXMINDDB_LICENSE_KEY=[redacted] #optional
      - MAXMINDDB_USER_ID=[redacted] #optional
      - WATCHLIST="/config/nginx/proxy-confs"
    volumes:
      - /root/swag/config:/config
    ports:
      - 443:443
      - 80:80 #optional
      - 81:81 #optional
```

Container logs

none worth mentioning, simply states "server ready."

access and error logs are similarly blank.
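
A listener declared with `proxy_protocol` expects every connection to open with a PROXY protocol header ahead of the TLS handshake, so a client that connects directly and starts with a ClientHello is refused. The following is an added example, not part of the issue or the SWAG project: it classifies the first bytes a listener receives and models both listen modes. The function names, the simplified accept/reject model and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

# Fixed 12-byte signature that opens every PROXY protocol v2 header.
V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"


def classify_first_bytes(data: bytes) -> dict:
    """Say what a client sent first: PROXY v1, PROXY v2, or a bare TLS record."""
    if data.startswith(V2_SIGNATURE):
        length = int.from_bytes(data[14:16], "big")
        body = data[16:16 + length]
        if len(data) < 16 or data[12] >> 4 != 2 or len(body) < length:
            return {"kind": "proxy-v2", "error": "bad version or truncated"}
        out = {"kind": "proxy-v2"}
        # Command 1 = PROXY, address family 1 = IPv4 (12-byte address block).
        if data[12] & 0x0F == 1 and data[13] >> 4 == 1 and length >= 12:
            out["src"] = str(ipaddress.IPv4Address(body[0:4]))
            out["src_port"] = int.from_bytes(body[8:10], "big")
        return out
    if data.startswith(b"PROXY "):
        line, crlf, _ = data.partition(b"\r\n")
        parts = line.decode("ascii", "replace").split(" ")
        if not crlf or len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
            return {"kind": "proxy-v1", "error": "malformed"}
        try:
            src = str(ipaddress.ip_address(parts[2]))
            return {"kind": "proxy-v1", "src": src, "src_port": int(parts[4])}
        except ValueError:
            return {"kind": "proxy-v1", "error": "malformed"}
    # TLS handshake record: content type 0x16, major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return {"kind": "tls"}
    return {"kind": "unknown"}


def listener_outcome(data: bytes, proxy_protocol: bool) -> str:
    """Model how a TLS listener treats these first bytes, per its listen flags."""
    first = classify_first_bytes(data)
    has_header = first["kind"].startswith("proxy") and "error" not in first
    if proxy_protocol:
        return "accept" if has_header else "reject: PROXY header expected first"
    return "accept" if first["kind"] == "tls" else "reject: not a TLS handshake"


# Constructed samples (documentation addresses, not taken from the issue).
V1_SAMPLE = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 443\r\n\x16\x03\x01"
V2_SAMPLE = (V2_SIGNATURE + b"\x21\x11\x00\x0c" + bytes([203, 0, 113, 7, 192, 0, 2, 10])
             + (51234).to_bytes(2, "big") + (443).to_bytes(2, "big") + b"\x16\x03\x01")
TLS_SAMPLE = b"\x16\x03\x01\x02\x00\x01"
```

Feeding it the first bytes captured on the backend side of the load balancer shows whether the header is actually arriving on the port where `proxy_protocol` is set.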

github-actions[bot] commented 3 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.