MediaCMS does not work properly behind a reverse proxy

[Mozitux]

Describe the issue Hello, I self-host my servers and to do this I use port forwarding and a reverse proxy.

I noticed that the home page does not display when going through the proxy address, same for user profiles or uploading videos, there is an infinite loading screen.

As soon as I go back to the local ip or the public ip, everything works correctly, how can I fix the problem? Is there an additional port to open besides port 80 and 443?

To Reproduce Steps to reproduce the issue:

1. Make a MediaCMS server behind a reverse proxy
2. Load the home pages, user's profiles or try to upload a video
3. See error

Screenshots

Environment (please complete the following information):

• OS: Proxmox 7.2 (Debian OS based)
• Installation method: Single server
• Browser: I've tried Firefox and Edge

Other I use Apache2 for the reverse proxy

[JustinBack]

These two missing lines in the settings.py fixed it for me.

USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

These lines instruct django to use the forwarded headers from the reverse proxy

[Mozitux]

@JustinBack Hello, thank you! Unfortunately it doesn't seem to work for me, I enter the two lines in this format, is it correct? (I've tried just copy/pasting and it doesn't work)

USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('http://not-youtube.com:2080', 'https://not-youtube.com:2443')

[JustinBack]

Hi!

Keep the lines as is in my comment above, don't change anything and it should work properly :-)

Edit: Just saw that you tried the original one as well. Is nginx properly setting the x-forwarded-host and x-forwarded-proto header?

[Mozitux]

I'm not familiar with nginx, how can I check this?

[JustinBack]

Are you running the dockerized nginx proxy or running a locally installed nginx? I removed the dockerized nginx proxy as it caused a couple of issues but here is my nginx config:

server {

    server_name my.server.tld;

    client_max_body_size 5G;
    charset utf-8;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://localhost:8012; # 8012 being the forwarded port of the web container in docker
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.server.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.server.tld/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = my.server.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name my.server.tld;

    listen [::]:80;
    listen 80;
    return 404; # managed by Certbot

}

[Mozitux]

Hello, I'm running locally installed nginx and use an Apache2 revert proxy What file is this from?

[Mozitux]

Here is a diagram of my reverse proxy configuration:

[keineAngabe03]

Hi,

when your Browser Console responds something like this

you can try adding the following lines to your Apache Site Config:

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

That worked for me.

Heres my full config file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName [domain]
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / [URL of MediaCMS Server]
ProxyPassReverse /  [URL of MediaCMS Server]
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
[Let's Encrypt Settings]
</VirtualHost>
</IfModule>

Unfortunately, it only works if you are logged in. I have written more about this here: https://github.com/mediacms-io/mediacms/issues/502

[Mozitux]

Hey, thanks for your repply! I will check this soon. 👍

[mrhhats]

HI there, same issues here with a nginx proxy manager (reverse proxy) and a new ubuntu 20 stand alone server/install based on this tutorial.

https://theitguycj.com/self-host-and-share-your-videos-audio-and-pictures-with-mediacms/

my current setup is showing the same half broken pages https://media.bluegoat.ca

i tried adding ALLOW_ANONYMOUS_ACTIONS = [] to local_settings.py and restarted. no change.