search

mealie-recipes / mealie

Mealie is a self hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in Vue for a pleasant user experience for the whole family. Easily add recipes into your database by providing the url and mealie will automatically import the relevant data or add a family recipe with the UI editor
https://docs.mealie.io
GNU Affero General Public License v3.0
7.31k stars 732 forks source link

[BUG] - 405 with mealie authentication over nginx ssl #4197

Closed yggdrasil75 closed 3 weeks ago

yggdrasil75 commented 1 month ago

First Check

What is the issue you are experiencing?

I am using the default (mealie) authentication instead of any other option, when I log in locally with localhost then it works fine, but if I remotely attempt to log in using nginx as my reverse proxy and an ssl certificate for *..com I get an error 405.

Steps to Reproduce

docker version, default login method, no special credential managers, nginx reverse proxy, failed.

Please provide relevant logs

mealie | DEBUG 2024-09-11T11:28:43 - Language set to en mealie | INFO 2024-09-11T11:28:43 - [127.0.0.1:41662] 200 OK "GET /api/app/about HTTP/1.1" mealie | INFO 2024-09-11T11:29:00 - [\<client>:0] 405 Method Not Allowed "POST /index.php HTTP/1.1"

Mealie Version

"latest" tag (version 1.12.0)

Deployment

Docker (Linux)

Additional Deployment Details

base_url set to https://recipes.<mydomain>.com using sqlite only other changes are port to 7143 (all my docker containers are 7100 so they are in a similar range), volume is ./config

yggdrasil75 commented 1 month ago

I attempted both username and email as options.

boc-the-git commented 1 month ago

Can you share your nginx config too? I won't be able to help you with it, but it's the most likely cause of your problems.

yggdrasil75 commented 1 month ago 
server {
    listen                  443 ssl http2;
    listen                  [::]:443 ssl http2;
#    listen                 80;
    server_name             recipes.<mydomain>.com;

    # SSL
#    ssl_certificate         /etc/letsencrypt/live/<mydomain>.com/fullchain.pem;
#    ssl_certificate_key     /etc/letsencrypt/live/<mydomain>.com/privkey.pem;
#    ssl_trusted_certificate /etc/letsencrypt/live/<mydomain>.com/chain.pem;
    ssl_certificate         /etc/letsencrypt/live/<mydomain>.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/<mydomain>.com/privkey.pem;
#    ssl_trusted_certificate /etc/letsencrypt/live/files.<mydomain>.com/chain.pem;

    # security
#    include                 nginxconfig.io/security.conf;

    # logging
    access_log              /var/log/nginx/access.log combined buffer=512k flush=1m;
    error_log               /var/log/nginx/error.log warn;

    # index.php fallback
    location ~ ^/api/ {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # reverse proxy
    location / {
#       alias /data/;
#       autoindex on;
        proxy_pass            http://192.168.1.17:7143/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 36000s;
        proxy_redirect http:// https://;
    }

# additional config
#    include nginxconfig.io/general.conf;

}

# subdomains redirect
server {
    listen                  443 ssl http2;
    listen                  [::]:443 ssl http2;
    server_name             *.recipes.<mydomain>.com;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/<mydomain>.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/<mydomain>.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/<mydomain>.com/chain.pem;
    return                  301 https://recipes.<mydomain>.com$request_uri;
}

# HTTP redirect
server {
    listen      80;
    listen      [::]:80;
    server_name recipes.<mydomain>.com;
    include     nginxconfig.io/letsencrypt.conf;
    location / {
        return 301 https://recipes.<mydomain>.com$request_uri;
    }
}
yggdrasil75 commented 1 month ago

just had certbot force expire old certificates, enabled chain (dont know why I was only using full chain. something in existing config I copied), restarted nginx and restarted client browser to get it to pull the newest certificate version in case that was the issue. no changes. still getting 405 when I try to log in.

github-actions[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

yggdrasil75 commented 3 weeks ago

stale bot is stupid. its just a way to increase your closed tickets without actually fixing issues.

hay-kot commented 3 weeks ago

This isn’t even an issue with Mealie and not something we have expertise to help with. Closing this, feel free to open a discussion, or if you do find an actual issue with Mealie you can open up a new issue.