Closed MikeyYeahYeah closed 3 years ago
Not sure whats going on there, but you can have a look at what nginx-proxy does in this example: https://github.com/mediacms-io/mediacms/blob/main/docs/Docker_deployment.md#advanced-deployment-with-reverse-proxy-accessed-as-httpslocalhost
Hi, not sure if it is related, checkout the Site variable at /admin/sites/site/ and make sure it's the same as the FRONTEND_HOST. The site is an important variable for Django applications. It takes the value you set as FRONTEND_HOST on deploy/docker/local_settings.py upon first time run (when the image is created), so if you set a new one at some point later you will have to change this to reflect the new one. If this makes any difference let us know!
Very strange... I went to admin/sites/site and all I saw in there was example.com
.
For some reason, the links are all over the place. For science, I tried setting the FRONTEND_LOCAL
value to http://localhost
, rebuilt, and restarted.
All links on the side navbar point use localhost as the base URL EXCEPT the following links that actually point to my subdomain correctly:
My Media
My Playlist
About
Terms
Contact
What is different about these? Is this value not being fed to React correctly? This is very odd. I do appreciate your patience with my questions. Django is a magical mystery box to me. Every other app I deploy using docker-compose respects my nginx reverse proxy without issue.
This is the config that nginx-proxy container
uses for mediacms.example.com
tested it, and works for me.
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
# mediacms.example.com
upstream mediacms.example.com {
## Can be connected with "mediacms_default" network
# mediacms_web_1
server 192.168.128.8:80;
}
server {
server_name mediacms.example.com;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location /.well-known/acme-challenge/ {
auth_basic off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name mediacms.example.com;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/mediacms.example.com.crt;
ssl_certificate_key /etc/nginx/certs/mediacms.example.com.key;
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
proxy_pass http://mediacms.example.com;
}
}
I suspect these two:
upstream mediacms.example.com {
## Can be connected with "mediacms_default" network
# mediacms_web_1
server 192.168.128.8:80;
}
and
location / {
proxy_pass http://mediacms.example.com;
}
might make it work in your case
Very strange... I went to admin/sites/site and all I saw in there was
example.com
.For some reason, the links are all over the place. For science, I tried setting the
FRONTEND_LOCAL
value tohttp://localhost
, rebuilt, and restarted.All links on the side navbar point use localhost as the base URL EXCEPT the following links that actually point to my subdomain correctly:
My Media My Playlist About Terms Contact
What is different about these? Is this value not being fed to React correctly? This is very odd. I do appreciate your patience with my questions. Django is a magical mystery box to me. Every other app I deploy using docker-compose respects my nginx reverse proxy without issue.
Hi, /admin/sites/site is getting used in several places but you are right, it isn't the domain that the media urls are served from.
This should be the FRONTEND_HOST
variable on deploy/docker/local_settings.py
Some urls are hardcoded indeed as relative urls, in files as templates/config/core/user.html
@MikeyYeahYeah did any of the suggestions work for you? Please update for the benefit of anyone who reads this in future
Sadly they did not. I am sure there is a solution to the problem but I just ran out of time to troubleshoot this one. It's probably something I am doing so closing the issue.
try setting this in the server location and dropping your other headers
proxy_set_header Host $server_name;
proxy_set_header X-Forwarded-Proto https;
AKA do NOT use these
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
i just used this on a quick CMS docker local install:
location / {
proxy_set_header Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://ipofcmshost:8066;
}
(i do note, as documented, the docker-compose.yaml doesn't work and the built in ngix instance keeps redirecting browsers to SSL even though the default using docker-compose..yaml shouldn't do that, i would offer to correct the docs but was just helping someone out who couldn't figure out how to get any of this working, not surprising as the docker stuff doesn't work as documented)
Hi @scyto , please open a PR with any changes you believe are needed on the docs and/or the docker-compose files and we can discuss there!
I run my own Nginx reverse proxy with SSL termination. I am experiencing an interesting issue.
When I set the
FRONTEND_HOST
variable in thedeploy/docker/local_settings.py
to https://mydomain.example.com and start the app, all of the links and login logic work well and point to the correct domain.However, any assets IE videos and images do not point to the correct link. They will point to my IP Address and port for some reason. Not sure what I am doing wrong. Posting snippets below:
I am using the standard
docker-compose.yml
file. The only modification I have made was setting theweb
ports from80:80
to10100:80
nginx config