Closed neunenak closed 2 years ago
Had the exact same issue. Changing APP_ENV
to production
fixed it.
It seems the old Monica advice about only using local
in combination with a TLS reverse proxy is no longer valid.
As long as APP_ENV=production
, it did not matter whether APP_TRUSTED_PROXIES=*
or APP_TRUSTED_PROXIES=<ip-addresses>
, at least in my tests.
I have written an Ansible role where I put an example reverse proxy vhost config and related stuff. Monica 3.7.0, Apache 2.4.41, Ubuntu 20.04.
Had the exact same issue. Changing
APP_ENV
toproduction
fixed it. It seems the old Monica advice about only usinglocal
in combination with a TLS reverse proxy is no longer valid.As long as
APP_ENV=production
, it did not matter whetherAPP_TRUSTED_PROXIES=*
orAPP_TRUSTED_PROXIES=<ip-addresses>
, at least in my tests.I have written an Ansible role where I put an example reverse proxy vhost config and related stuff. Monica 3.7.0, Apache 2.4.41, Ubuntu 20.04.
Hm, I do have APP_ENV=production
and that's been doing nothing for me.
Yeah, that's weird. I'm not using Docker, though, maybe something is going on inside those containers.
I don't know if it helps, but here's my .env
(which might be hard to glean from the Ansible role without actually running it), for comparison, in the hopes it helps:
# Welcome, friend ❤. Thanks for trying out Monica. We hope you'll have fun.
APP_ENV=production
APP_DEBUG=false
APP_KEY=<secretkey>
HASH_SALT=<salt+32>
HASH_LENGTH=18
APP_URL=https://monica.example.se
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
# I use socket, which overrides DB_HOST and DB_PORT values
DB_UNIX_SOCKET=/var/run/mysqld/mysqld.sock
DB_DATABASE=monica
DB_USERNAME=monica
DB_PASSWORD=<secretpass>
DB_PREFIX=
DB_TEST_HOST=127.0.0.1
DB_TEST_DATABASE=monica_test
DB_TEST_USERNAME=homestead
DB_TEST_PASSWORD=secret
DB_USE_UTF8MB4=true
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=mailer@example.se
MAIL_PASSWORD=<password>
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=mailer@example.se
MAIL_FROM_NAME="Monica on Giza"
APP_EMAIL_NEW_USERS_NOTIFICATION=webmaster@example.se
APP_DEFAULT_LOCALE=en
APP_DISABLE_SIGNUP=true
APP_SIGNUP_DOUBLE_OPTIN=false
APP_TRUSTED_PROXIES=10.252.116.1,192.168.1.2,192.168.1.1
APP_TRUSTED_CLOUDFLARE=false
LOG_CHANNEL=daily
SENTRY_SUPPORT=false
SENTRY_LARAVEL_DSN=
CHECK_VERSION=true
CACHE_DRIVER=database
SESSION_DRIVER=file
SESSION_LIFETIME=120
# "sync" (default) will bypass the queues entirely (no async, no need for redis)
QUEUE_DRIVER=sync
DEFAULT_MAX_UPLOAD_SIZE=10240
DEFAULT_MAX_STORAGE_SIZE=512
DEFAULT_FILESYSTEM=public
AWS_KEY=
AWS_SECRET=
AWS_REGION=us-east-1
AWS_BUCKET=
AWS_SERVER=
MFA_ENABLED=true
DAV_ENABLED=false
MOBILE_CLIENT_ID=
MOBILE_CLIENT_SECRET=
ALLOW_STATISTICS_THROUGH_PUBLIC_API_ACCESS=false
POLICY_COMPLIANT=false
REQUIRES_SUBSCRIPTION=false
NUMBER_OF_ALLOWED_CONTACTS_FREE_ACCOUNT=10
STRIPE_KEY=
STRIPE_SECRET=
PAID_PLAN_MONTHLY_FRIENDLY_NAME=
PAID_PLAN_MONTHLY_ID=
PAID_PLAN_MONTHLY_PRICE=
PAID_PLAN_ANNUAL_FRIENDLY_NAME=
PAID_PLAN_ANNUAL_ID=
PAID_PLAN_ANNUAL_PRICE=
ENABLE_GEOLOCATION=true
LOCATION_IQ_API_KEY=<apikey>
ENABLE_WEATHER=true
DARKSKY_API_KEY=<apikey>
:tada: This issue has been resolved in version 4.0.0 :tada:
The release is available on:
v4.0.0
Your semantic-release bot :package::rocket:
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I'm still seeing exactly the same problem as https://github.com/monicahq/monica/issues/5954 even after upgrading to a version of
monica:fpm
that includes that fix.I spent some time looking at the code and googling, and I think https://stackoverflow.com/questions/40722331/laravel-asset-method-doesnt-return-https is the fundamental problem. I'm definitely sending correct
Host
andX-Forwarded-Proto: https
headers - I'm not sure if the code in https://github.com/monicahq/monica/pull/5955/files actually fixes this - there's this project: https://github.com/fideloper/TrustedProxy that implements a Laraval middleware calledTrustedProxy
that looks more complicated than the one in the above pull request. I'm not super-knowledgable about php, but I can't tell how the middleware included in monica is supposed to tell that it needs to look at theX-Forwarded-Proto
header to have theasset
function generate correct URLs.Also the documentation in https://github.com/monicahq/monica/blob/main/docs/installation/ssl.md is out of date, since it refers to the
APP_TRUSTED_PROXIES
variable which doesn't work.