openanalytics / shinyproxy

ShinyProxy - Open Source Enterprise Deployment for Shiny and data science apps
https://www.shinyproxy.io
Apache License 2.0
525 stars 151 forks

LDAP login results in auth-success with a Test message but no homepage #462

Closed carlsonp closed 1 year ago

carlsonp commented 1 year ago

We had a running and successfully set up version of ShinyProxy 3.0.1, set up with LDAP as our authentication. We upgraded to 3.0.2. Now when we log in, it goes to the following URL: https://ourserver.com/auth-success, with a message on the screen of Test. It does not redirect properly to the main page. If we adjust the URL and take off auth-success it loads up and we can see the main page with a list of the Shiny applications to run. There are no error messages in the Docker log file.

We also have nginx set up as a reverse proxy. Our nginx.conf file looks like this:

```nginx
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    # make log files visible in browser and not force you to download them
    types {
        text/plain log;
    }

    server {
        listen                80;
        rewrite     ^(.*)     https://$host$1 permanent;
    }

    # port forward to Shiny
    # use `nginx -t` to test
    # https://lukesingham.com/shiny-containers-with-shinyproxy/
    # https://shinyproxy.io/documentation/security/
    server {
        listen 443 ssl;
        ssl_certificate /usr/local/share/ca-certificates/certificate.crt;
        ssl_certificate_key /usr/local/share/ca-certificates/private.key;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        error_page 502 /custom_502.html;
        location = /custom_502.html {
            root /usr/share/nginx/html;
            internal;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        }

        location / {
            proxy_pass http://shinyproxy:8080;
            proxy_http_version                    1.1;
            proxy_set_header Upgrade              $http_upgrade;
            proxy_set_header Connection           "upgrade";
            proxy_read_timeout                    600s;
            proxy_redirect                        off;
            proxy_set_header Host                 $http_host;
            proxy_set_header X-Real-IP            $remote_addr;
            proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Protocol $scheme;

            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        }

        # container log files
        location /container-logs/ {
            alias /container-logs/;
            autoindex on;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        }
    }

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log debug;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
```

I don't see any error messages in the Docker nginx logs.

Does anyone have any suggestions on what to try? I didn't notice anything in the release notes that would indicate any config changes to make for LDAP. Thanks

LEDfan commented 1 year ago

Hi, I think this is a similar issue to https://github.com/openanalytics/shinyproxy/issues/435

Can you try changing this line in your config:

```nginx
proxy_set_header X-Forwarded-Protocol $scheme;
```

to

```nginx
proxy_set_header  X-Forwarded-Proto $scheme;
```

(see https://shinyproxy.io/documentation/security/#https-ssl--tls )

Next you'll have to add the following configuration to ShinyProxy (on the root level of the configuration file, not nested under proxy):


```yaml
server:
  forward-headers-strategy: native
```

carlsonp commented 1 year ago

Thank you so much! This fixed the issue, cheers.
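
As an added example (not part of the thread and not ShinyProxy's own code), this Python check audits an nginx configuration for the header-name problem resolved above: for every block containing `proxy_pass` it reports look-alike names such as `X-Forwarded-Protocol` and a missing `X-Forwarded-Proto`. The function names, the `LOOKALIKES` list and the trimmed `SAMPLE` config are assumptions of the example.

```python
import re

# Constructed sample: the proxy location from the report, trimmed to the relevant lines.
SAMPLE = """
server {
    location / {
        proxy_pass http://shinyproxy:8080;
        proxy_set_header Host                 $http_host;
        proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol $scheme;  # name used before the fix
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    }
}
"""
EXPECTED = "x-forwarded-proto"
# Near-miss spellings to flag (this list is an assumption of the example).
LOOKALIKES = {"x-forwarded-protocol", "x-forwarded-scheme", "x-forward-proto"}
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'|#[^\n]*|[;{}]|[^\s;{}]+')

def directives(conf):
    """Yield (words, terminator) pairs; quoted strings may contain ';' or '#'."""
    words = []
    for tok in TOKEN.findall(conf):
        if tok in (";", "{", "}"):
            yield words, tok
            words = []
        elif not tok.startswith("#"):
            words.append(tok.strip("\"'"))

def audit(conf):
    """Return (block, problem) pairs for every block that contains proxy_pass."""
    stack, proxied, findings = [{"name": "main", "headers": None}], [], []
    for words, end in directives(conf):
        if end == "{":
            stack.append({"name": " ".join(words), "headers": None})
        elif end == "}" and len(stack) > 1:
            stack.pop()
        elif end == ";" and words[:1] == ["proxy_pass"]:
            proxied.append(stack[::-1])  # innermost block first
        elif end == ";" and words[:1] == ["proxy_set_header"] and len(words) > 1:
            stack[-1]["headers"] = (stack[-1]["headers"] or set()) | {words[1].lower()}
    for chain in proxied:
        # nginx inherits proxy_set_header only when the current level sets none.
        headers = next((b["headers"] for b in chain if b["headers"] is not None), set())
        for bad in sorted(headers & LOOKALIKES):
            findings.append((chain[0]["name"], f"unexpected header {bad}"))
        if EXPECTED not in headers:
            findings.append((chain[0]["name"], "X-Forwarded-Proto is not set"))
    return findings
```

Calling `audit()` on the text of a real `nginx.conf` returns an empty list once every proxied block sets `X-Forwarded-Proto`; files pulled in through `include` are not followed and have to be audited separately.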